For example, I was on a key signing party. After a party, one person signed my key with full trust and sent this signature to me by email. Then that person changed their mind and signed my key with marginal trust and uploaded that signature to a key server by themselves. I have uploaded first signature with full trust to the key server after the person uploaded the second signature. How these signatures will be combined on my OpenPGP key?
Asked
Active
Viewed 63 times
2
-
I'm voting to close this question as off-topic because it is related to Software model and not specifically to crypto. – Biv Aug 22 '17 at 08:26
-
IMHO the latest update is the one that is dominant. – Biv Aug 22 '17 at 08:26
-
How does OpenPGP decides which updates is the latest? For example, when person was making the second signature they set the time on their computer to yesterday. – user652061 Aug 22 '17 at 08:30
-
BTW, I am ok to move the question to security StackExchange, if that is the better place for it. – user652061 Aug 22 '17 at 08:31
-
1I disagree that this needs to be closed. It should be answerable on the basis of how OpenPGP and its web of trust are defined. – otus Aug 23 '17 at 04:59