
Re: OT: More about GPG signing

On Sun, May 13, 2012 at 03:02:02PM +0100, Phil Dobbin wrote:
> If that was the strategy everybody adopted with PGP, there'd be very
> few, if any, keys signed, ever.

This *is* the strategy that most people use for PGP.

> Thanks for the advice but I think I'll pass.

You are entitled to maintain whatever local policy for signing you want, but
it weakens your position in a web of trust if your signatures are 'weaker' than
other people's. It means any trust path that flows through a signature of yours
is suspect.

GPG lets you choose a 'trust level' for keys. I'd suggest at least using a
low-level value for keys you haven't validated.

Jon Dowland
