[ not on-topic for this thread, hence the subject change ]

On Thu 2017-02-23 05:00:54 -0500, Gerd v. Egidy wrote:
>> The certificate (aka public key) includes all signatures, all the data
>> on the keyserver. It's data you don't really need to back up since it is
>> public, and it can be huge. My key.asc file is 137,424 bytes following
>> your instructions.
>
> Seems you are trusted by much more people than me ;)

I'm calling this out because it's a common misconception, and i don't want it to lie here unchallenged when someone is browsing the archives.

The people who "sign your key" (who have created an OpenPGP certification that binds your primary key to your User ID) are only identifying you and your key. They have said nothing about "trust" by making those certifications.

For example, I am happy to certify the identity and key of someone who i do not trust at all, as long as i know who they are and they've asserted their key to me in-person, or across some reliable, non-forgeable transport.

So the fact that Alice has a dozen certifications on her key and Bob has two doesn't mean that Alice is trusted by more people than Bob at all. It just means that more people have been willing to publicly assert that they know Alice's identity and key than have been willing to publicly assert the same information about Bob.

--dkg