Signing a Key

Atom Smasher atom at smasher.org
Sat Feb 5 20:31:23 CET 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Sat, 5 Feb 2005, Jason Harris wrote:

> Even ignoring 0x11 signatures, a 0x12 signature from a given issuer 
> implies less trust (due to less checking) than a 0x13 signature from the 
> same issuer.  What is the point in (any OpenPGP program) throwing this 
> extra data away (by ignoring it in trust calculations)?
=====================

i don't know about anyone else, but i reserve 0x13 sigs for people i 
*know*, usually for some length of time.

if i meet someone at a keysigning party and they show me some 
identification with a picture that looks like them, that earns a 0x12 from 
me. i have no idea who they *really* are, but they have gone through the 
trouble of showing me some identification that looks like them. OTOH if my 
brother, or someone who i've known personally for a several years wants me 
to sign their key, they're more likely to _earn_ a 0x13 sig from me.

to me, that fits the definition of "casual" and "extensive" verification. 
if i board a plane and they look at my identification, i wouldn't call 
that an "extensive" check.

of course, the system does encourage people to do what makes sense for 
them. there isn't necessarily a wrong way to issue sigs... as long as 
there's a defensible reasoning for it, everyone can choose for them self 
how to define "casual" and "extensive".


- -- 
         ...atom

  _________________________________________
  PGP key - http://atom.smasher.org/pgp.txt
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
  -------------------------------------------------

 	"A good many observers have remarked that if
 	 equality could come at once the Negro would
 	 not be ready for it. I submit that the
 	 white American is even more unprepared."
 		-- Martin Luther King, Jr.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures

iQEcBAEBCAAGBQJCBR8WAAoJEAx/d+cTpVciK2YH/2cByYzBVMZTK42Jl6vtk8gf
wl4PqGSsKOCkoce83YKz+kVZrJjR9gbAZwZ9QYAi4SIKSNcewswhk11FIw2ag5d5
itkOYDVNM2ec4L+VhyL/FPsn93kqbrhY0smKM9R2AnBaiNcvnGp44Mkyg+gZs+bd
QOr7Xzsf2w4s+aj239qtuVIbQ86QIhSXpq8fFp7m3TnOSFUzhdtXqsJhDk0efCJ7
K8IrOl4RclPj47BrcalotKgsZbgt2lhjXQQstSD+5i6d1fSGBZ/NoLCqgWo8IhiQ
iACNoPBE7UmAWurdMEp+7J1kT2cj1lowNu06WFrWTBw3MG/PxPNdOOf/cm6OJEU=
=RDYU
-----END PGP SIGNATURE-----

More information about the Gnupg-users mailing list