At 03:30 PM 11/28/95 EST, Carl Ellison <cme@TIS.COM> wrote:

BTW -- PGP currently lacks a way for me to note, when I sign a key, how it is that I trust that key (by personal meeting, by attribution, by message association, ...). A signed attribute record would let me record that information for myself as well as for others.

That would be a useful feature, even if it's just an unstructured text file. There is a way to do it now, though it's inefficient and hokey - create multiple key-signing keys, with name fields indicating the attribute, sign them with your main key, and use the appropriate one of them to sign keys for people. For instance, I have a key named "Bill Stewart Unauthenticated Pseudonym Signing Key <stewarts@ix.netcom.com>" which I use to sign keys of significantly lower trust than my normal key; you could do similar things for higher-quality certification. This does increase the depth of the web-of-trust required, which is less of a problem for low-trust keys than for keys you actually care about :-) #-- # Thanks; Bill # Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com # Phone +1-510-247-0663 Pager/Voicemail 1-408-787-1281