>On Tuesday 5 November 2013 at 11:03:19 PM, in ><mid:52797937.5090...@gmail.com>, Paul R. Ramer wrote: > >> But if you sign it with an exportable >> signature, you are saying to others that you have >> verified the key. > >In the absence of a published keysigning policy, isn't that an >assumption?
Signing is to be an attestation to the validity of the key. But, yes, in absence of a keysigning policy (or in some other way of knowing how that person signs keys) it is just an assumption as to what that signature means. I would not assume what the value of a signature is without knowing how that person signs keys, and I would still need to believe that person's methods are acceptable to me. Cheers, --Paul -- PGP: 3DB6D884 _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
