PGP signatures.
Björn Persson
listor3.rombobeorn at tdcpost.se
Thu May 29 22:02:42 UTC 2008
Tim wrote:
> On Wed, 2008-05-28 at 16:29 +0100, Bill Crawford wrote:
> > What do you do if you encounter a key that's signed by both someone
> > you trust personally, *and* someone you don't trust?
>
> I suppose that would depend on whether that was: You didn't know
> whether to trust them, or you distrusted them.
No.
If A's key is signed with B's key, and B's key is known to be valid, and you
trust that B signs keys responsibly, then A's key is valid, period. Other
signatures are completely irrelevant. Nobody can make a key invalid by
signing it, no matter how evil or irresponsible or untrustworthy they are.
Björn Persson
More information about the users
mailing list