On Fri, 25 Apr 2014, 12:58:03, Daniel Kahn Gillmor wrote:

> yes, users *should* ignore --ask-cert-level:
>
> https://www.debian-administration.org/users/dkg/weblog/98

I completely disagree with that article. And I consider your statement «I don't think there is a satisfactory answer to the question "how will specifying the level of identity certification concretely benefit anyone involved?"» REALLY strange. It is hard for me to believe that someone at your level of crypto understanding is serious about that.

You claim «So there is no functional gain in declaring the difference between a "normal" certification and a "positive" one» and – if I understand you correctly – the only argument for that is the current behaviour of GnuPG. The correct view is that the current GnuPG behaviour (i.e. not offering the possibility to ignore level-0 sigs) is a serious problem, really limiting the use of WoT calculation.

Are you really going to tell me that a generic certification was more valuable than a persona certification though the first contains the second? I hope not.

90% of the current WoT is just the illusion of security. I once wrote an email to somebody who had written a terribly wrong article about OpenPGP on his web site. He answered me, thanked me for the hints and wrote: "I have signed your key and attached it. Perhaps you want to sign mine, too." That's what the majority of level-0 signatures means: "I have no idea what I am doing here."

> > Thus I would like to offer "accepted" as a possible alternative. I
> > guess that shows the user decision. Maybe even as a combination:
> > "authenticity accepted".
>
> Accepted implies that there is someone doing the accepting.

That is exactly what happens. And thus I like the term.

> "Acceptable" might be better, but it still leaves me asking
> "acceptable to whom?" and "acceptable for what?"

The context is the respective keyring. Who "owns" it and for what purpose?

My opinion as a non-native speaker is less relevant in this case but I feel like you seem to indicate: That "acceptable" easily leads to the question "Why? By which standards?". "Accepted" seems to avoid that by "You have (not yet) accepted it. You must know why (not)". To me "accepted" seems more personal, "acceptable" more general. But that may just be a loose language feeling.

Hauke
--
Crypto for everyone: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users