On 04/23/2014 05:23 AM, Peter Lebbing wrote: > On 23/04/14 00:56, Robert J. Hansen wrote: >> I can see it, actually. > > Yes, after dkg's last message yesterday I also realised I had overlooked that > scenario. I think it can be generalised as "different roles", as even the > verification effort / signing policy can be different. Your boss might expect > you to sign certain keys with your work key while you are much more stringent > with your personal key.
or vice versa, actually. You might think someone is personally inclined
towards sloppiness, but will obey the rules of an organization they're
part of, and that organization might have stricter criteria for making
certifications with keys associated with the org.
> But I don't see why we need to drop the term ownertrust for that. Sometimes
> you
> need to pick a descriptive identifier for something and then define what it
> exactly means; it happens all the time in science.
I agree with this; also, the reason that your willingness to rely on one
key or the other are associated with who you think really "owns" the
key. even if an individual holds both keys, if the organization can
exert control over the use of one of them, there's a sense in which the
"ownership" of that key is different.
--dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
