On Sun, Nov 06, 2005 at 01:09:36AM +1030, Alphax wrote: > David Shaw wrote: > > On Sat, Nov 05, 2005 at 12:30:46PM +0100, Thomas Kuehne wrote: > > > <snip> > > > >>How should 4) be dealt with? > >> > >>As far as I am aware the is no negative signature or any other way to > >>mark those keys - except for local trust settings. > > > > > > That is correct. It really has to be this way, for good and for bad. > > Trust is inherently subjective - even the 1-2-3 trust levels are just > > guidelines and there is no way to enforce them beyond asking people > > nicely not to abuse the system. > > > > Of course, it would be possible to propose a different trust model > > that takes into account such things (a reputation system), but that > > would be a reasonably different beast than the current system. Not > > impossible, but it would take some working out of details. OpenPGP > > currently has no way to make a "negative" signature. > > > > If it did, there would be a corresponding "Web of Antitrust".
Yes, more or less. You could allow people who you trust to lower the validity of other user IDs. David _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
