On Fri, 31 Jan 2014 15:02:14 +0100
NdK <ndk.cla...@gmail.com> wrote:

> Il 31/01/2014 10:24, Steve Jones ha scritto:
> 
> > Well the conventions of use, for example the key signing party
> > protocol, requires photographic id. If I publicly sign a key it has
> > to be in line with how I expect others to interpret it. Policies and
> > notations on signatures go some way to alleviate that but only if
> > the tools support it.
> I tried looking around for some tutorials about notations, but could
> only find minimal information ("it's a string in 'tag@domain=value'
> format").

RFC 4880 seems to be the primary documentation.

> IIUC in *my* policy I could specify that when signing a key I use
> "ndk@mydomain=X" notation and that X=0 means "just checked the person
> can access the given mailbox", X=1 means "at least 2 other persons
> have confirmed that the same user used that email address for the
> last year" and so on.

That's pretty much it. I wouldn't worry about tracking what other
people have seen though if I were implementing a scheme like this. My
thinking is more notations like "only-emai...@example.org=true". But
the point of the @domain part is that anyone can implement whatever
namespaces they want.

> Is my understanding right? When I sign a key and use a notation, am I
> actually signing *all* the identities associated with that key? Or
> just one?

All signatures are on particular UIDs, and notations are part of
signatures, so you can sign as few or as many identities as you like.

-- 
Steve Jones <st...@secretvolcanobase.org>
Key fingerprint: 3550 BFC8 D7BA 4286 0FBC  4272 2AC8 A680 7167 C896

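To make the "tag@domain=value" format concrete, here is an added example (not from this thread and not GnuPG code) that encodes and decodes the OpenPGP Notation Data subpacket described in RFC 4880 section 5.2.3.16, using the "ndk@mydomain=0" notation sketched above; the name regex is an assumption about what a user-namespace name should look like.

```python
import re
import struct

# OpenPGP Notation Data subpacket (RFC 4880, section 5.2.3.16): four flag octets,
# two-octet name length, two-octet value length, then name and value.  Flag bit
# 0x80 in the first octet marks the value as human-readable UTF-8 text.
NOTATION_TYPE = 20
HUMAN_READABLE = 0x80000000
# Assumed shape of a user-namespace name: tag@domain (names without '@' are IETF's).
USER_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*@[A-Za-z0-9.-]+$")


def parse_notation_string(text: str) -> tuple[str, str]:
    """Split the 'tag@domain=value' form that gpg's --cert-notation option takes."""
    name, sep, value = text.partition("=")
    if not sep or not USER_NAME_RE.match(name):
        raise ValueError(f"not a user-namespace notation: {text!r}")
    return name, value


def encode_notation(name: str, value: str) -> bytes:
    """Serialise one human-readable notation into a subpacket body."""
    if not USER_NAME_RE.match(name):
        raise ValueError(f"notation name must be tag@domain: {name!r}")
    n, v = name.encode("utf-8"), value.encode("utf-8")
    return struct.pack(">IHH", HUMAN_READABLE, len(n), len(v)) + n + v


def decode_notation(body: bytes) -> dict:
    """Parse a subpacket body, refusing length fields that disagree with the data."""
    if len(body) < 8:
        raise ValueError("truncated notation subpacket")
    flags, mlen, nlen = struct.unpack(">IHH", body[:8])
    if len(body) != 8 + mlen + nlen:
        raise ValueError("length fields do not match subpacket size")
    readable = bool(flags & HUMAN_READABLE)
    raw = body[8 + mlen:]
    return {"name": body[8:8 + mlen].decode("utf-8"),
            "value": raw.decode("utf-8") if readable else raw,
            "human_readable": readable}


def wrap_subpacket(body: bytes, ptype: int = NOTATION_TYPE) -> bytes:
    """Prefix the subpacket length (RFC 4880 section 5.2.3.1) and the type octet."""
    n = len(body) + 1  # the length field counts the type octet too
    if n < 192:
        hdr = bytes([n])
    elif n < 8384:
        hdr = bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    else:
        hdr = b"\xff" + struct.pack(">I", n)
    return hdr + bytes([ptype]) + body
```

The resulting subpacket is what ends up in the hashed area of a certification signature over one particular UID, which is why a notation never applies to a key's other identities by itself.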

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
