> Is there any difference in the standard trust model between marking a
> key level 1 ("I don't know or won't say") and level 2 ("I do NOT
> trust")?There isn't really a "standard trust model". What you should really do is have a key signing policy and embed the URL to that policy with every signature (plus, obviously, sign the policy). e.g. pipe <http://jeromebaum.com/jerome.asc> through "gpg --list-packets" and you'll see that the link to my signing policy is <http://jeromebaum.com/policy.html> and per the footnote there you can find the signature at <http://jeromebaum.com/policy.html.asc>. That said, I believe the standard says something like "0x11 means 'I didn't really check' " -- read your own thing into that but to me it means the level is useless. 0x12 is a moderate check and 0x13 an in-depth check, which everyone interprets differently. -- Jerome Baum Hessenweg 222 48432 Rheine GERMANY tel +49-1578-8434336 email jer...@jeromebaum.com web www.jeromebaum.com -- Einigkeit und Recht und Modeerscheinung -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA -- http://five.sentenc.es _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
