(no subject)
Date: 2003-12-12 06:32 am (UTC)
It can be, and that's how that works in PGP. If I see one person I absolutely trust (both not to lie, and not to screw up a keysigning) has signed someone's key, then I'm fine; and if I see that five hundred people, about a hundred of which I think have clue not to screw up, have signed someone's key, then I'll probably trust it. That's why PGP has a bunch of different trust levels in the first place; section 3 of this paper (http://www.cs.ucl.ac.uk/staff/F.AbdulRahman/docs/pgptrust.html) talks about trust levels. The whole paper is a useful read, really.
In short, the answer to your question is "You shouldn't put the same level of trust in that as your personal verification; put slightly less, but slightly more than if it had nothing at all. Here, have a tool to do exactly that."
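An added example, not part of the original comment: a simplified model of how trust levels turn signatures into key validity. The thresholds (one fully trusted signer or three marginally trusted ones, chain depth 5) follow GnuPG's documented defaults; the key names and trust assignments are constructed, and the function is an illustration, not GnuPG's or PGP's own code.

```python
FULL, MARGINAL, UNKNOWN = "full", "marginal", "unknown"

def valid_keys(me, signatures, owner_trust,
               completes_needed=1, marginals_needed=3, max_depth=5):
    """Return the keys considered valid from `me`'s point of view.

    signatures:  set of (signer, signed_key) pairs.
    owner_trust: key -> FULL or MARGINAL; a missing key means UNKNOWN.
    A signature counts only if the signer's own key is already valid.
    """
    trust = dict(owner_trust)
    trust[me] = FULL  # own key: ultimately trusted, modelled as FULL here
    valid = {me}
    for _ in range(max_depth):
        newly_valid = set()
        for target in {t for _, t in signatures} - valid:
            signers = {s for s, t in signatures if t == target and s in valid}
            full = sum(trust.get(s, UNKNOWN) == FULL for s in signers)
            marginal = sum(trust.get(s, UNKNOWN) == MARGINAL for s in signers)
            if full >= completes_needed or marginal >= marginals_needed:
                newly_valid.add(target)
        if not newly_valid:
            break
        valid |= newly_valid
    return valid

def demo():
    """Constructed keyring: 'me' has personally verified every direct contact."""
    crowd = [f"crowd{i}" for i in range(5)]   # verified keys, unknown judgement
    direct = ["alice", "m1", "m2", "m3"] + crowd
    sigs = {("me", k) for k in direct}
    sigs |= {("alice", "bob")}                           # one fully trusted signer
    sigs |= {(m, "carol") for m in ("m1", "m2", "m3")}   # three marginal signers
    sigs |= {(m, "dave") for m in ("m1", "m2")}          # only two marginal signers
    sigs |= {(c, "erin") for c in crowd}                 # many signers, no owner trust
    trust = {"alice": FULL, "m1": MARGINAL, "m2": MARGINAL, "m3": MARGINAL}
    return valid_keys("me", sigs, trust)

if __name__ == "__main__":
    print(sorted(demo()))
```

In this model signers with no assigned owner trust contribute nothing however many there are, so a key like erin's becomes valid only once enough of its signers are given at least marginal trust.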