On 03/05/2014 10:50, Nicholas Cole wrote:

>> Well, if ownertrust answers that, it's what I need: a way to say "I am
>> sure this key belongs to X, but I don't want it to be used to introduce
>> more keys in the WoT".
> But it doesn't work like that anyway. Unless you are using Trust
> signatures (and few people do) then a signature on a key does not
> encourage a 3rd party to trust signatures made by that key.

Ah, OK. Now it makes more sense.
Tks for the clarification.

> Even if a key is recognised as authenticated/validated/certified for
> association with a particular email address, the signatures made by
> that key will not be trusted by anyone who has not made an active
> decision to make a particular key a trusted introducer.

IIUC, *unless* I tsig it. But if I use tsig I'm doing both an "identity"
signature and a trust signature. I see no way I can publicly say "I don't
really know real-world identity of this subject, but I trust him as an
introducer" (yep, might sound strange [*], but often a pseudonym is more
meaningful than RL name, but pseudonyms aren't "good" in WoT): if I tsig
his key, I'm certifying his pseudonym -- that I shouldn't do since it's
not on any document.

[*] well, not too strange in many cases, when it's "healthier" that a
pseudonym is *not* easily correlated to a RL identity.

> In fact, this is a reason (though one of many) why the web of trust
> has never quite lived up to its promise. No UI that I am aware of
> sets even marginal trust by default on newly imported keys. Most
> users (I suspect) will only ever end up trusting keys that they
> themselves have signed. That is the default position.

Understandable/safer, but harder to bootstrap :)

BYtE,
 Diego.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
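
An added example, not part of the thread and not GnuPG's code: a simplified Python model of the classic validity calculation discussed above, showing that a certification on a key makes it valid but does not make it an introducer until the local user assigns ownertrust. It ignores trust signatures, certification depth, expiry and revocation; the key names are constructed, and the thresholds are GnuPG's defaults for `--completes-needed` and `--marginals-needed`.

```python
# Simplified model of the classic (non-tsig) web-of-trust validity rule.
# Key names below are constructed for illustration.
COMPLETES_NEEDED = 1   # GnuPG default for --completes-needed
MARGINALS_NEEDED = 3   # GnuPG default for --marginals-needed

def valid_keys(own_key, certifications, ownertrust):
    """Return the set of keys one user considers valid.

    certifications: public set of (signer, target) pairs.
    ownertrust: that user's private map of key -> "full" | "marginal".
    """
    valid = {own_key}
    changed = True
    while changed:
        changed = False
        for target in {t for _, t in certifications} - valid:
            full = marginal = 0
            for signer, t in certifications:
                # A signature counts only if the signer's key is itself valid
                if t != target or signer not in valid:
                    continue
                # ... and only if this user made the signer an introducer
                level = "ultimate" if signer == own_key else ownertrust.get(signer)
                if level in ("ultimate", "full"):
                    full += 1
                elif level == "marginal":
                    marginal += 1
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                valid.add(target)
                changed = True
    return valid

# Constructed keyring: alice certified xavier, xavier certified yolanda,
# and a third party (trent) certified alice.
CERTS = {("alice", "xavier"), ("xavier", "yolanda"), ("trent", "alice")}

if __name__ == "__main__":
    # alice is sure about xavier's key but has given it no ownertrust
    print(sorted(valid_keys("alice", CERTS, {})))
    # alice decides to use xavier as an introducer
    print(sorted(valid_keys("alice", CERTS, {"xavier": "full"})))
    # trent trusts alice as an introducer; xavier still introduces nothing
    print(sorted(valid_keys("trent", CERTS, {"alice": "full"})))
```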