On 3/4/2010 3:52 PM, Daniel Kahn Gillmor wrote: > On 03/04/2010 01:01 PM, Grant Olson wrote: >> On 3/4/2010 12:45 PM, Daniel Kahn Gillmor wrote: >>> I'm also not sure what the "signed: 128" suggests in the "depth: 1" >>> line. Surely of all 83 keys i've certified, they have collectively >>> issued more than 128 certifications themselves. maybe someone else can >>> explain that bit? >> >> I believe that's the number of keys they've signed that are in your >> keyring. The signature attaches to the recipient's key, not the >> signer's. So if you don't have the recipient's key in your keyring, you >> don't even know it's been signed by one of the keys you've certified. > > I've got a large-ish keyring (>1300 keys), and it's fairly regularly > refreshed. i'm pretty sure that of the 83 keys that i've signed, > they've made more than 128 certifications in aggregate, even if we only > count keys themselves and not UIDs (that is, even if a key with multiple > certified User IDs only counts once). > > Is there another explanation? > > --dkg >
But out of those 83, only 11 have marginal or full trust, right? A signature isn't valid (for you) if they key isn't marginally or fully trusted to begin with. Would you buy that number from the 11 valid and trusted keys?
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
