[Cryptography] ToFU +- SaFU
Werner Koch
wk at gnupg.org
Thu Apr 16 05:00:14 EDT 2015
On Wed, 15 Apr 2015 22:26, nbohm at ernest.net said:
> The semantics of signing a PGP key are indeed obscure. It seems
RFC 4880, 5.2.1 actually explains how the key signatures are used.
For example:

   0x13: Positive certification of a User ID and Public-Key packet.
       The issuer of this certification has done substantial
       verification of the claim of identity.

But it also remarks

   Most OpenPGP implementations make their "key signatures" as 0x10
   certifications.  Some implementations can issue 0x11-0x13
   certifications, but few differentiate between the types.

(maybe in an attempt not to be viewed as a PKI).

> regrettable that there is no way for the signer to spell what the
> signature is intended to mean.

   5.2.3.20.  Policy URI
   [...]
   This subpacket contains a URI of a document that describes the policy
   under which the signature was issued.

Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.