[Cryptography] ToFU +- SaFU

Werner Koch wk at gnupg.org
Thu Apr 16 15:15:35 EDT 2015

On Thu, 16 Apr 2015 12:51, nbohm at ernest.net said:

> Are there such implementations?  If not, the subtleties which rfc 4880 offers
> are somewhat theoretical.

>From the gpg man page:

   --sig-policy-url string
   --cert-policy-url string
   --set-policy-url string

     Use string as a Policy URL for signatures (rfc4880:  If
     you prefix it with an exclamation mark (!), the policy URL packet
     will be flagged as critical. --sig-policy-url sets a policy url for
     data signatures. --cert-policy-url sets a policy url for key
     signatures (certifications). --set-policy-url sets both.

     The same %-expandos used for notation data are available
     here as well.



     When making a key signature, prompt for a certification level. If
     this option is not specified, the certification level used is set
     via --default-cert-level.  See --default-cert-level for information
     on the specific levels and how they are used. --no-ask-cert-level
     disables this option. This option defaults to no.

   --default-cert-level n

--set-policy-url since 1999, --default-cert-level since 2004.

Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the cryptography mailing list