
Re: Valid OpenPGP keys without self-signature?

I want to add in a few comments.

I think that self-signatures are good. However, I think it is a bad thing to be draconian about them.

If a User ID (or attribute ID) is signed by me, then it should be valid, whether it's got a self-signature on it or not. I'd love to be able to add user names to other people's keys so that software I use can find them. Many people don't have every possible mail address on their keys, and it's damned annoying. Far too many people don't have the right user names on their keys.

A user id on a key that is signed by me can be thought of as a SDSI name. Using the web of trust, I could even trust other names. I might, for example, consider valid an unsigned name if it is signed by someone I trust.