On 12-07-19 at 02:09pm, Fifty Four wrote: > So, under what conditions would you give a Level 3 signing to a > pseudonymous name on a key? I assume a Level 3 signing means Full > validity?
Policies for keysigning is bound to the communities that use them. For Debian the purpose of keysigning is to ensure linkage between digital identity with a physical and legal identity: a passport is a strong identifier there and pseudonyms are pretty much by definition going against the very purpose of the aim for keysigning there. It would in that context require some alternative strong measure of tying a virtual person to a legal/physical person - and I am not sure I would ever sign a pseudonym key for the context of Debian. I can easily imagine getting involved in a different community where the purpose of keysigning would be to tie to virtual identities strongly together - independent from - or perhaps even actively separated from - physical or legal ones: a passport is a much weaker or even bad identifier there. As I understand it, the "levels" I assing to a signature are for my own private bookkeeping, not part of the signature so not published if the signature gets published, so levels are less of a concern here (only relevant for revealing you if our enemy got access to private parts of my GPG key, which would have much worse uses than read "rankings" of signatures issued by me. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: Digital signature
_______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
