Set date for signature to expire
Anonymous
unknown_kev_cat at hotmail.com
Mon Jun 6 18:20:33 CEST 2005
">
> Your are mixing up two things: The statement that you checked the
> owneership of the key at a certain date and how far you trust the
> owner of the key to implement decent keymanagment abilities.
I know that the OpenPGP group has taken great pains to not define trust. It
leaves trust to be defined by the user and/or the application.
That said a signature on a key can be one of two things, depending on
perspective.
#1. A satement that you have checked the ownership of the key at the
indicated time.
OR
#2. A statement that you trust that the UID accurately reflects the true
ownership of the key.
Both have the same meaning as far as ownership checks, as i would not trust
that the UID reflects the true ownership of the key well enough to sign it
unless i have verified identity. However the second one does have a
reasonable reason for signature expiration.
Both are reasonable, and I suspect that many people take the second view,
even if the first view is the official one.
> Salam-Shalom,
>
> Werner
More information about the Gnupg-users
mailing list