On Fri, 31 Jan 2014 15:02:14 +0100 NdK <ndk.cla...@gmail.com> wrote:

> On 31/01/2014 10:24, Steve Jones wrote:
>
> > Well the conventions of use, for example the key signing party
> > protocol, require photographic ID. If I publicly sign a key it has
> > to be in line with how I expect others to interpret it. Policies and
> > notations on signatures go some way to alleviate that but only if
> > the tools support it.
>
> I tried looking around for some tutorials about notations, but could
> only find minimal information ("it's a string in 'tag@domain=value'
> format").

RFC 4880 seems to be the primary documentation.

> IIUC in *my* policy I could specify that when signing a key I use
> "ndk@mydomain=X" notation and that X=0 means "just checked the person
> can access the given mailbox", X=1 means "at least 2 other persons
> have confirmed that the same user used that email address for the
> last year" and so on.

That's pretty much it. I wouldn't worry about tracking what other people have seen though if I were implementing a scheme like this. My thinking is more notations like "only-emai...@example.org=true". But the point of the @domain part is that anyone can implement whatever namespaces they want.

> Is my understanding right? When I sign a key and use a notation, am I
> actually signing *all* the identities associated with that key? Or
> just one?

All signatures are on particular UIDs, and notations are part of signatures, so you can sign as few or as many identities as you like.

--
Steve Jones <st...@secretvolcanobase.org>
Key fingerprint: 3550 BFC8 D7BA 4286 0FBC 4272 2AC8 A680 7167 C896
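The tag@domain=value notation discussed in this thread is carried inside the certification signature as a Notation Data subpacket (RFC 4880, section 5.2.3.16). The encoder and decoder below is an added example, not code from the thread or from GnuPG; it uses the thread's ndk@mydomain name with a constructed value, and shows the length fields a parser must cross-check before trusting the subpacket.

```python
# Notation Data subpacket (RFC 4880 s.5.2.3.16) encoder/decoder; sample values are constructed from the thread, helper names are mine.
import struct
NOTATION_TYPE = 20            # subpacket type for Notation Data (RFC 4880 s.5.2.3.1)
HUMAN_READABLE = 0x80000000   # first flag octet, bit 7: value is UTF-8 text

def encode_notation(name: str, value: str, human_readable: bool = True) -> bytes:
    """Body: 4 flag octets, 2-octet name length, 2-octet value length, name, value."""
    name_b, value_b = name.encode("utf-8"), value.encode("utf-8")
    flags = HUMAN_READABLE if human_readable else 0
    return struct.pack(">IHH", flags, len(name_b), len(value_b)) + name_b + value_b

def decode_notation(body: bytes) -> dict:
    """Parse a body; raises ValueError when the lengths disagree with the data present."""
    if len(body) < 8:
        raise ValueError("notation body shorter than its fixed header")
    flags, nlen, vlen = struct.unpack(">IHH", body[:8])
    if len(body) != 8 + nlen + vlen:
        raise ValueError("name/value lengths disagree with body size")
    name, raw = body[8:8 + nlen].decode("utf-8"), body[8 + nlen:]
    human = bool(flags & HUMAN_READABLE)
    # user-namespace names end in @domain; IETF-registered names contain no '@'
    return {"name": name, "value": raw.decode("utf-8") if human else raw,
            "human_readable": human, "namespace": "user" if "@" in name else "ietf"}

def is_valid_notation(body: bytes) -> bool:
    try:
        decode_notation(body)
        return True
    except ValueError:  # UnicodeDecodeError is a ValueError too
        return False

def wrap_subpacket(body: bytes, critical: bool = False) -> bytes:
    """Prepend the subpacket header: length (which counts the type octet) and type octet."""
    length = len(body) + 1
    if length < 192:
        hdr = bytes([length])
    else:  # two-octet form: ((o1 - 192) << 8) + o2 + 192; the 0xFF five-octet form is omitted
        hdr = bytes([((length - 192) >> 8) + 192, (length - 192) & 0xFF])
    return hdr + bytes([NOTATION_TYPE | (0x80 if critical else 0)]) + body

def unwrap_subpacket(pkt: bytes) -> tuple:
    """Return (type, critical, body) for the subpacket at the start of pkt."""
    first = pkt[0]
    if first == 255:
        raise ValueError("five-octet length form not handled here")
    length, off = (first, 1) if first < 192 else (((first - 192) << 8) + pkt[1] + 192, 2)
    if off + length > len(pkt):
        raise ValueError("subpacket length exceeds available data")
    return pkt[off] & 0x7F, bool(pkt[off] & 0x80), pkt[off + 1:off + length]
```

Setting the critical bit on the type octet is how a signer says that an implementation which does not understand the notation must treat the signature as invalid rather than silently ignore it.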
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users