On Sat, Nov 05, 2005 at 12:30:46PM +0100, Thomas Kuehne wrote:

> 4) The owners are bad signers and didn't take part in the ID
> verification step of the signature process.
>
>
> 1) and 3) are definitely not the reasons in the analyzed cases.
>
> I really hope 2) is the cause, but in at least one case I am sure of 4).

I'm sure it's 4, especially in the case when the person in question never attended the party. Some people just sign all the keys and call it a day.

> How should 4) be dealt with?
>
> As far as I am aware there is no negative signature or any other way to
> mark those keys - except for local trust settings.

That is correct. It really has to be this way, for good and for bad. Trust is inherently subjective - even the 1-2-3 trust levels are just guidelines and there is no way to enforce them beyond asking people nicely not to abuse the system.

Of course, it would be possible to propose a different trust model that takes into account such things (a reputation system), but that would be a reasonably different beast than the current system. Not impossible, but it would take some working out of details.

OpenPGP currently has no way to make a "negative" signature.

David
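The effect of a local trust setting on a careless signer, as an added example that is not part of the original message. It is a simplified model of the classic web-of-trust calculation; the key names are constructed and the thresholds (1 fully trusted or 3 marginally trusted signers, depth 5) are assumed to match GnuPG's defaults.

```python
# Added example: simplified model of the classic OpenPGP/GnuPG web of trust.
# All key names are constructed; thresholds assume GnuPG's defaults
# (1 fully trusted signer or 3 marginally trusted signers).
NEVER, MARGINAL, FULL, ULTIMATE = "never", "marginal", "full", "ultimate"

def valid_keys(signatures, ownertrust, completes_needed=1,
               marginals_needed=3, max_depth=5):
    """Return the keys the local user considers valid.

    signatures: {key: set of keys that signed it} (public, same for everyone)
    ownertrust: {key: level} (private to the local user)
    """
    valid = {k for k, t in ownertrust.items() if t == ULTIMATE}
    for _ in range(max_depth):
        newly = set()
        for key, signers in signatures.items():
            if key in valid:
                continue
            # A signature counts only if the signer's key is itself valid,
            # and only with the weight the local user gave that signer.
            # Signers with no local trust entry carry no weight here.
            counted = [ownertrust.get(s, NEVER) for s in signers if s in valid]
            full = sum(t in (FULL, ULTIMATE) for t in counted)
            marginal = sum(t == MARGINAL for t in counted)
            if full >= completes_needed or marginal >= marginals_needed:
                newly.add(key)
        if not newly:
            break
        valid |= newly
    return valid

# Constructed keyring: "sloppy" signed "stranger" without checking any ID.
SIGNATURES = {
    "alice": {"me"},
    "sloppy": {"me"},        # I did verify sloppy's own identity
    "carol": {"alice"},
    "stranger": {"sloppy"},  # the unverified signature
}

def view(sloppy_trust):
    """Valid keys as seen by "me" for a given local trust in "sloppy"."""
    trust = {"me": ULTIMATE, "alice": FULL, "sloppy": sloppy_trust}
    return valid_keys(SIGNATURES, trust)

if __name__ == "__main__":
    print(sorted(view(FULL)))   # stranger is accepted via sloppy
    print(sorted(view(NEVER)))  # stranger drops out, sloppy stays valid
```

The signer's own key stays valid because its identity was checked; only the weight of the signatures it made changes, and only in the local user's view. In GnuPG this value is set with the `trust` command inside `gpg --edit-key`.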
