Amnesia Anonymous Remailer writes:

The web of trust just certifies that the key belongs to someone. If you'd read to the end of the message, you would have seen that I was not complaining about the key certification process in PGP. At issue is NOT whether a key can be trusted to belong to someone, but whether or not random people should be able to tag others' PGP keys with crap.

You still don't get it, do you? It doesn't matter what random idiots tag onto your key so long as there is no trust path between the user of the key and the idiot who tagged stuff on. If someone signs "grand wizard of the KKK" onto your key, what do you care if no one trusts the signator who attached the crap?

What I want to prevent is some person I dislike uploading his signature on my key (particularly if he adds another ID to my key and signs that).

Why do you care?

How would you like it if I added a new ID to your key containing sort of insult, certified that ID, and uploaded the new signature to the key servers.

I wouldn't give a flying rat's buttocks, because unless the signatures are widely trusted the information is noise. Perry