On Thu, 15 Nov 2018 22:54:01 +0100, Dirk Gottschalk wrote: Hi Dirk, > Am Donnerstag, den 15.11.2018, 21:05 +0100 schrieb Stefan Claas:
> > I disagree, with my humble approach imho third parties do not know > > that people are my real friends, colleagues, or that i belong to a > > certain group. > > The implication matters. For example: If you sign a three keys of, > let's assume kidnappers, with level 3. I guess, police won't read and > understand your policy first, you'll get a little trouble for sure. > Okay, that is a bad example. But, the diagram will result in level 3 > Relations, what can lead to assumptions somebody does not want or > intent. You make a very important point, which i thought also about and that is my little approach for covering my a*#. I would strongly assume that law enforcement would also check a sig0 user, regardless of policy or not, if something happens to a key owner, or if i sign with sig0 a key on a key signing party, where i also don't know that the person who attended is a good or bad person with a real or fake id. I am totally unable to distinguish between a real or fake id nor do i know if a person is good or bad if i would attend such a key signing party. > > I am no expert, but i like to know from my example (because i don't > > understand this) how could i trust this internal computation, when > > it is only visible to me and not to third parties? > > It is based on your trust into the signers. There is a chain in trust > dependencies for the trustdb. The levels full, marginal and so on lead > to basical calculations in how reliable a key is, which is indirectly > signed by trusted keys. I did not dig deeper into the GPG internals > for this system, but I've already seen it works well, at least for me. Like i said in my previous reply i have to study this in more depth. Regards Stefan -- https://www.behance.net/futagoza https://keybase.io/stefan_claas
pgpWRNnJODuF3.pgp
Description: Digitale Signatur von OpenPGP
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
