Tony Whitmore wrote: > Yet it's already been suggested in this thread that this represents > insufficient verification.
Simple answers like "sufficient" or "insufficient" are tempting, but they utterly lack context. When it comes to these questions, you need to carefully assess your needs and then establish a security policy that meets those needs. So: start from the beginning. What's your threat model? What do you need an OpenPGP key signature to represent? How paranoid do you need to be? Once you know that, then start looking for other people with similar policies and ask them for arguments for or against to help you decide. But asking strangers with completely unknown policies is unlikely to do much but confuse you. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
