Effects of --default-cert-level
Robert J. Hansen
rjh at sixdemonbag.org
Mon Oct 13 22:06:14 CEST 2025
> Some of the regular readers of this list (including myself) think
> that the cert-level features in gpg (and the certification levels in
> the underlying standard, OpenPGP) are misfeatures. Leaving things
> as the default is the most reasonable way to go:

Wait, is it October 13 again? The one day each year dkg and I agree on
something?

(Casual list readers are urged to read that tongue-in-cheek. Daniel and
I have an earned reputation for disagreement on technical issues, but
please don't confuse "strong technical disagreement" with "unwillingness
to buy them a beer while we tell them they're wrong".)

For quite some years I was weakly in favor of it: it provided a
capability that could be useful in certain contexts and I thought it
should be preserved for that alone. But in thirty years of using
ClassicPGP and OpenPGP (and now adding LibrePGP), I have never found
anyone with a real-world use case for it and probably fifty or so people
confused by it.

Anything with that bad of a utility-to-confusion ratio should probably
be abandoned. It's just not worth it.