how to handle "bad" signers?
Alphax
alphasigmax at gmail.com
Sat Nov 5 15:39:36 CET 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
David Shaw wrote:
> On Sat, Nov 05, 2005 at 12:30:46PM +0100, Thomas Kuehne wrote:
>
<snip>
>
>>How should 4) be dealt with?
>>
>>As far as I am aware the is no negative signature or any other way to
>>mark those keys - except for local trust settings.
>
>
> That is correct. It really has to be this way, for good and for bad.
> Trust is inherently subjective - even the 1-2-3 trust levels are just
> guidelines and there is no way to enforce them beyond asking people
> nicely not to abuse the system.
>
> Of course, it would be possible to propose a different trust model
> that takes into account such things (a reputation system), but that
> would be a reasonably different beast than the current system. Not
> impossible, but it would take some working out of details. OpenPGP
> currently has no way to make a "negative" signature.
>
If it did, there would be a corresponding "Web of Antitrust".
- --
Alphax | /"\
Encrypted Email Preferred | \ / ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613 | X Against HTML email & vCards
http://tinyurl.com/cc9up | / \
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iQEVAwUBQ2zEJ7MAAH8MeUlWAQhmzQgAooOGpX2p31Bgoc8F4egWzFgHCS2pWO+z
Bsl8YgnGdjzT7Q0GVOsP55LjPPKRSBh1+yIDrWYIqWyuLp1a74ZQTw5u8NDDtPj9
NhHSwa6kB+sQksaT3U5I4AZL7uygh79CI7AtGj/TOafoal+IKYXzVmA/DPGCVMkJ
ovhv1NzfXnyRR6UGmviBrket9gaWNOST65o75NrCQww2UelH31xNPweLXclRxWkf
aLs8wuNzO375MrtQkRtIFv0CDSysd4HMgByXC/p1QZdiv6o0rqKOq0heCTSPIr1Q
qMqfQY9y4aWHiifHvJeYllo04V8/b7yULSj6U8h2TUpjf9gZqmNuUQ==
=pM1Y
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list