Am 15.02.2015 um 12:26 schrieb Ludwig Hügelschäfer: > On 14.02.15 23:05, Stephan Beck wrote: > >> Well, it's rather a precautionary measure than an actual security >> measure, , reminding me of not trusting the key owner's ability to >> handle and verify signatures correctly, if he/she uses a signature >> no one has the chance to check because the information about the >> public key's location isn't indicated by its owner in his/her very >> message. I assigned the "I do not trust him" attribute to the first >> key he used in a previous message. > > You seem to have misunderstood what ownertrust is good for. Trusting > an owner about placing his signatures is not about how she/he signs > messages. > > It is about how carefully she/he checks identity and mail address > before signing other keys. You can only judge that if you have seen > her/him in real life doing that.
OK, I give you that, strictly speaking, it might not be the same, but at the moment I had no other measure at hand to remind me of being careful with that kind of event. And a bad signature event is not the ideal event for putting trust in a key owner's identity at all. Stephan
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
