-
Notifications
You must be signed in to change notification settings - Fork 88
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PGP & Vectors of Trust? #17
Comments
They exist. Section 5.2.1 of RFC 4880. At one time during the discussions of transition from 2440 to 4880, we were looking at removing them, and they got put back in because people wanted them. I don't think they're used not only because of UX — GnuPG implements just about everything so it would be trivial to do, it's more that no one knows what they mean. That's the reason we were looking at removing them in the first place. Here's what 4880 says:
What is the difference between a personal certification and a casual certification? What would "substantial verification" be? Personally, one of the things that I dislike about the PGP culture is how surly it is to nyms and personae, to begin with, and is one of the reasons I don't like key signing parties. |
FreeTrust.org begins with dimensions of identity, presence, security and privacy for which we would have assertions and proofs. Trust is subjective and personal trust,of signer weights trust in assertion. I love the Vectors of Trust standard! but we must support them all since anyone might trust something different and nobody knows what the standard will be tomorrow. It is wonderful to find a group so far along in this area. :-) |
/re PGP-Paradigm.pdf #569b5a4
/cc @joncallas
One thing that I've always wanted with PGP was when I signed someone's key was that I could notate more the quality and effort of my validity assertion. For instance, vector of trust-like assertion about:
etc. Why didn't some type of these type of assertions evolve in the PGP ecosystem? Was it purely a matter of it being too UX complex for the expected average user? Or an issue of validity vs trust? Or am I missing something?
The text was updated successfully, but these errors were encountered: