[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Removing < 2048 bit keys from the Debian keyrings

Manoj Srivastava <srivasta@debian.org> writes:
> On Tue, Sep 02 2014, Matthias Urlichs wrote:
>> there's a GPG option (via the the *-cert-level options, see 'man gpg')
>> to state how carefully you did verify their identity, but ultimately
>> it's up to you.
>
>         That is not how I interpreted that option to mean.
>
> ,----[ http://tools.ietf.org/html/rfc4880#section-5.2.3.13 ]
> | 5.2.3.13. Trust Signature
> |  (1 octet "level" (depth), 1 octet of trust amount)
[...]
> ,----[ http://lists.gnupg.org/pipermail/gnupg-users/2005-May/025612.html ]
>  | tsign is just like sign (or lsign) except that you are asked a few
>  | more questions by GnuPG.  Think of tsign as a combination of a regular
>  | signature plus the ownertrust.  This combines two different things
>  | from the classic trust model into one signature.

You looked at trust signatures, not at the --*-cert-level options. These
are unrelated to each other.

Ansgar
Reply to: