Effects of --default-cert-level

Robert J. Hansen rjh at sixdemonbag.org
Mon Oct 13 23:36:19 CEST 2025 

> Later, I came to the conclusion that this is not a valid argument.

It being October 13, the Annual Day of Reconciliation, I find myself 
defending dkg's position.

> A "casual" certification level to me, may be different from
> a "casual" certification level in other person's mind.  Which means that
> it does not reveal the people that I like, and does not reveal my social
> graph, at all.
> 
> It just reveals how accurate I am assuring some key's information is.

No: it doesn't even reveal that, unless you first make publicly 
available your criteria for issuing each level of verification. If I see 
a persona certification, a casual certification, and a vetted 
certification, I have no idea what semantics to attach to any of them. 
For all I know your 'casual signature' requires a passport and DNA 
sample and your 'vetted signature' requires a polygraph examination. Or 
vice-versa. Or nothing at all.

The requirement that signers post their criteria for issuing different 
kinds of certifications -- a requirement neither the spec nor GnuPG 
advertise, but which is absolutely necessary for this feature to work as 
intended -- returns us to the realm of revealing a lot of information.

dkg says the revelations are too great. I disagree: each individual gets 
to decide whether the revelations are too great to be compatible with 
their risk model. But I certainly concur with him there are significant 
revelations.

> I also want to add, that I love the way that GnuPG separated the
> certification level into 4 levels.  "No opinion" level means silence.
> "Persona" means negative.  "Casual" means neutral.  "Extensive" means
> positive.

It does not. The meaning is left for individuals to precisely define. 
What does 'casual verification' mean? What IDs are acceptable? Why? Is 
the signer competent to recognize false IDs of those kinds? How do you 
*know* the signer is competent to adhere to that stated policy?

These aren't academic things. If you're doing real-world cryptographic 
engineering, these are bread-and-butter issues.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20251013/fcd45595/attachment.sig>

More information about the Gnupg-users mailing list