Tim wrote:
On Wed, 2008-05-28 at 16:29 +0100, Bill Crawford wrote:
> What do you do if you encounter a key that's signed by both someone
> you trust personally, *and* someone you don't trust?
I suppose that would depend on whether that was: You didn't know
whether to trust them, or you distrusted them.
No.
If A's key is signed with B's key, and B's key is known to be valid, and you
trust that B signs keys responsibly, then A's key is valid, period. Other
signatures are completely irrelevant. Nobody can make a key invalid by
signing it, no matter how evil or irresponsible or untrustworthy they are.
Björn Persson