I would say that where an individual makes up their own mind which
certificates to mark as valid, they are not using a CA at all. If a
second individual is asking the first individual which certificates
to accept, the second individual is using the first as a CA.
You are free to redefine black as white while you're at it.
When you decide which certificates to accept, you are serving as your
own CA. When you outsource this to someone else, that other person or
agency is serving as your CA. But no matter how you slice it, there's
still a CA in the picture.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
