[Cryptography] ToFU +- SaFU

Werner Koch wk at gnupg.org
Thu Apr 16 05:00:14 EDT 2015

On Wed, 15 Apr 2015 22:26, nbohm at ernest.net said:

> The semantics of signing a PGP key are indeed obscure.  It seems

rfc4880, 5.2.1 actually explains on how the key signatures are used.
For example:

   0x13: Positive certification of a User ID and Public-Key packet.
       The issuer of this certification has done substantial
       verification of the claim of identity.

But it also remarks

       Most OpenPGP implementations make their "key signatures" as 0x10
       certifications.  Some implementations can issue 0x11-0x13
       certifications, but few differentiate between the types.

9maybe in attempt not to be viewed as a PKI).

> regrettable that there is no way for the signer to spell what the
> signature is intended to mean.  Policy URI
   This subpacket contains a URI of a document that describes the policy
   under which the signature was issued.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the cryptography mailing list