">
Your are mixing up two things: The statement that you checked the
owneership of the key at a certain date and how far you trust the
owner of the key to implement decent keymanagment abilities.
I know that the OpenPGP group has taken great pains to not define trust. It
leaves trust to be defined by the user and/or the application.
That said a signature on a key can be one of two things, depending on
perspective.
#1. A satement that you have checked the ownership of the key at the
indicated time.
OR
#2. A statement that you trust that the UID accurately reflects the true
ownership of the key.
Both have the same meaning as far as ownership checks, as i would not trust
that the UID reflects the true ownership of the key well enough to sign it
unless i have verified identity. However the second one does have a
reasonable reason for signature expiration.
Both are reasonable, and I suspect that many people take the second view,
even if the first view is the official one.
Salam-Shalom,
Werner
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
