-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi
On Friday 2 May 2014 at 3:38:17 AM, in <mid:1570455.5MFBMy4FEj@inno>, Hauke Laging wrote: > in my > understanding you do exactly that: You accept a key for > usage. I see what you mean. I accept a key for usage by applying a non-exportable signature. But I neither accept nor reject any claim made or implied about the identity its controller. There is ambiguity in using the word "accept" and that is why I prefer the word "activate." > Whether you verify it before is your decision. What would you verify? For any encrypted mail I send, all that really matters is the person controlling the email address I am sending to can read emails that I encrypt to that key. A simple exchange of messages verifies this. Other people would have instances where they actually need to be certain who controls that key. In extreme cases, somebody may even need to know the person's legal name as recognised by their government. > As more than one year has not been enough for me to > write a certification policy for my new key all my > certifications are local ones. That is good. There are an awful lot of certifications out there from keys for which there is no published certification policy. All of these are essentially meaningless noise: unless we know what the signer is claiming, how do we know what do do with their claim? > I hope you don't > misunderstand the feature: Local signature is not meant > as "rather useless signature" but just as "not for the > public". Well, until/unless you have decided what you want to say, it is not a good idea to make a public announcement. > I have local certifications at cerification level 1 > (your case) and 3. The majority of mine are level 0, even for people I have conversed with on mailing lists for years. I don't have a single key on my keyring from anybody I know in real life. - -- Best regards MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net The problem is not that we're paranoid; it's that we're not paranoid enough. -----BEGIN PGP SIGNATURE----- iPQEAQEKAF4FAlNjpF9XFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 N0VDQTAzAAoJEKipC46tDG5pdPIEAKv4sTB1JxWVu7+T9eXeyzLz84ENo75bu3Ik 1eIJqOfh7y3SOCRiTL6xCKDMOYFV19ag3l5rFMIJZKap8M7PvUvNiaYQg4NYiGCh gJeb2FJ6X/OKDOyrY6/4a6QnCmPRDYVQtlEMbuJh1cvlR3HVJIMls+OHboKWQbnD 51omqCwZ =2xm6 -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
