On Sun, Nov 27, 2005 at 06:04:56PM -0700, Bob Proulx wrote: > I recently signed a key using gpg-1.4.1 and see that (at least on my > Debian Sarge system) no-ask-cert-level apears to be the default > default-cert-level is "0 (no particular claim)".
Yes. > In the old days I remember it would always ask this question upon > signing and so assume the default must have been ask-cert-level. Now > it does not ask and unless you add that option ahead of time it will > create a signature without any claim. I have been out of touch and > thought I would ask about the current status of these levels in a > signed key. I would appreciate the education. You pretty much summarized it. --ask-cert-level turns on the question. If you don't have the question turned on, GPG will use the value from --default-cert-level, which defaults to 0. > If a key has been signed with a default-cert-level of 0 is it possible > to go back and edit the key signature and increase the level on a key? > I could not find a way to do this. The best I could find was to > delete the key plus signature and sign it again using a different > level. Of course that worked. That is the only way to do it. The cert level is part of the signature, and thus changing it requires issuing a new signature. > Is this cert level no longer considered useful? Should I not include > a cert level with keys I sign now? Or should we always add that > option when signing a key? What is the standard proceedure? It's a matter of personal taste, really. Some people like it, and some don't. It doesn't make much difference in practice since (unless you're issuing level 1 sigatures, which are ignored by default), all signature levels (or 0) are treated the same. David _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
