Re: Valid OpenPGP keys without self-signature?
I want to add in a few comments.

I think that self-signatures are good. However, I think it is a bad
thing to be draconian about them.

If a User ID (or attribute ID) is signed by me, then it should be
valid, whether it's got a self-signature on it or not. I'd love to be
able to add user names to other people's keys so that software I use
can find them. Many people don't have every possible mail address on
their keys, and it's damned annoying. Far too many people don't have
the right user names on their keys.

A user id on a key that is signed by me can be thought of as a SDSI
name. Using the web of trust, I could even trust other names. I might,
for example, consider valid an unsigned name if it is signed by someone