Hi.

On Monday, 05.11.2018, at 21:47 +0200, Viktor wrote:
>
> And we actually do not sign keys. For two reasons:
> a. If you automatically trust the signing key, compromising the
> signing key breaks the entire system.
> b. In many countries, generating or signing cryptographic keys
> requires a license. We create a system that should work the same
> way and legally in all countries. And we do not sign key
> certificates. We only attach to them information about the owner
> of the key, which the user manually checks before adding this
> certificate to his list of trusted certificates.

In the EU the use of a "qualified" signature is mandatory when it comes to legal issues. Between private companies it is okay to just use OpenPGP, but when it comes to legal issues, one party could deny the validity of the signature because it is not accepted as a legal signature format, at least in Germany.

We have the "qualified signature problem" here. In my opinion a bad solution, but the EU is known to make more Bullsh*t than reasonable things.

Regards,
Dirk

-- 
Dirk Gottschalk
Paulusstrasse 6-8
52064 Aachen, Germany

GPG: DDCB AF8E 0132 AA54 20AB B864 4081 0B18 1ED8 E838
Keybase.io: https://keybase.io/dgottschalk
GitHub: https://github.com/Dirk1980ac
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users