Daniel Kahn Gillmor <[email protected]> writes:

> On Mon 2025-10-13 10:51:40 +0100, Daniel Cerqueira wrote:
>> Werner Koch <[email protected]> writes:
>>> On Fri, 10 Oct 2025 23:51, Daniel Cerqueira said:
>>>
>>>> I am studying GnuPG, and I would like to know what are the effects of
>>>> using '--default-cert-level', besides it adding a number information in
>>>> the output of '--check-sigs' ? Are there some (other) effects?
>>>
>>> Key signatures have different classes: 0x10 to 0x13 which correspond
>>> with the cert levels. If you create a self-signature (e.g. new
>>> user-id) level 3 is used. In all other cases level 0 is used by
>>> default or whatever you set with --default-cert-level.
>>>
>>> When evaluating the validity of a key (building the trustdb) by default
>>> only key signatures of level 0, 2, and 3 are considered. This can be
>>> changed with --min-cert-level.
>>
>> Thank you for the reply. I guess that information is enough.
>
> Some of the regular readers of this list (including myself) think that
> the cert-level features in gpg (and the certification levels in the
> underlying standard, OpenPGP) are misfeatures. Leaving things as the
> default is the most reasonable way to go:
>
> https://dkg.fifthhorseman.net/blog/gpg-ask-cert-level-considered-harmful.html
>
> Regards,

Hi, Daniel!

First, I want to thank you for the link to your webpage.

Second, I will be expressing my opinion about this issue. It is *my personal* opinion. I am not trying to make you, or anyone else, adopt this same opinion.

Reading the webpage at the URL above, I could only find one thing that stuck with me. It was the argument that using --default-cert-level may reveal my social graph (to big brother agent smith).

Later, I came to the conclusion that this is not a valid argument. GnuPG states that the certification levels are from "no opinion", to "persona", to "casual", to "extensive". These words are very ambiguous, evoking a personal (relative) standpoint. Not an absolute way of evaluating. A "casual" certification level to me may be different from a "casual" certification level in another person's mind. Which means that it does not reveal the people that I like, and does not reveal my social graph, at all. It just reveals how accurate I am assuring some key's information is.

I also want to add that I love the way that GnuPG separated the certification level into 4 levels. "No opinion" level means silence. "Persona" means negative. "Casual" means neutral. "Extensive" means positive. To me, these levels perfectly reveal real-world concepts. GnuPG just uses the specific words, in the scope of certifying keys, taking these real-world concepts as the deeper framework.

Cheers for Freedom,
_______________________________________________
Gnupg-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-users
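
The class-to-level mapping and the `--min-cert-level` filter described in the quoted reply from Werner Koch, as an added example that is not part of the thread or of GnuPG's own code. It assumes the `gpg --with-colons --check-sigs` record layout (signature class in field 11, a trailing `x` or `l` for exportable or local) and the documented `--min-cert-level` default of 2 with level 0 always accepted; the sample records, key IDs and user IDs are constructed.

```python
# Added example: read certification levels out of gpg colon-format output
# and apply the --min-cert-level rule described in the thread.
# SAMPLE is constructed; key IDs and user IDs are placeholders.
SAMPLE = """\
pub:u:255:22:AAAAAAAAAAAAAAAA:1700000000:::u:::scESC:
uid:u::::1700000000::0000::Alice <alice@example.org>:
sig:!::22:AAAAAAAAAAAAAAAA:1700000000::::Alice <alice@example.org>:13x:
sig:!::22:BBBBBBBBBBBBBBBB:1700000100::::Bob <bob@example.org>:10x:
sig:!::22:CCCCCCCCCCCCCCCC:1700000200::::Carol <carol@example.org>:11x:
sig:!::22:DDDDDDDDDDDDDDDD:1700000300::::Dave <dave@example.org>:12l:
sub:u:255:18:FFFFFFFFFFFFFFFF:1700000000::::::e:
sig:!::22:AAAAAAAAAAAAAAAA:1700000000::::Alice <alice@example.org>:18x:
"""

# Signature classes 0x10..0x13 correspond to cert levels 0..3.
LEVELS = {0x10: 0, 0x11: 1, 0x12: 2, 0x13: 3}


def cert_levels(colons):
    """Return [(signer_keyid, level, exportable)] for every certification."""
    found = []
    for line in colons.splitlines():
        f = line.split(":")
        # Field 11 (index 10) is two hex digits plus 'x' or 'l'.
        if f[0] != "sig" or len(f) < 11 or len(f[10]) < 3:
            continue
        sigclass, scope = int(f[10][:2], 16), f[10][2]
        if sigclass in LEVELS:  # skips e.g. 0x18 subkey bindings
            found.append((f[4], LEVELS[sigclass], scope == "x"))
    return found


def counted(level, min_cert_level=2):
    """True if a certification of this level is used when building the trustdb."""
    # Level 0 is always accepted; other levels must reach the minimum.
    return level == 0 or level >= min_cert_level


def signers_counted(colons, min_cert_level=2):
    """Key IDs whose certifications pass the level filter."""
    return [k for k, lvl, _ in cert_levels(colons) if counted(lvl, min_cert_level)]


if __name__ == "__main__":
    for keyid, level, exportable in cert_levels(SAMPLE):
        print(keyid, level, "exportable" if exportable else "local", counted(level))
```
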
