>On Tuesday 5 November 2013 at 11:03:19 PM, in ><mid:[email protected]>, Paul R. Ramer wrote: > >> But if you sign it with an exportable >> signature, you are saying to others that you have >> verified the key. > >In the absence of a published keysigning policy, isn't that an >assumption?
Signing is to be an attestation to the validity of the key. But, yes, in absence of a keysigning policy (or in some other way of knowing how that person signs keys) it is just an assumption as to what that signature means. I would not assume what the value of a signature is without knowing how that person signs keys, and I would still need to believe that person's methods are acceptable to me. Cheers, --Paul -- PGP: 3DB6D884 _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
