Matching a key with other emails
David Shaw
dshaw at jabberwocky.com
Mon Nov 17 14:17:21 CET 2003
On Mon, Nov 17, 2003 at 06:46:07PM +0000, Neil Williams wrote:
> GnuPG can't tell the difference, even if you might. Hotmail is
> hardly going to help you confirm it is the same person. The whole
> point of the web-of-trust is that it is easy to setup these
> secondary UID's, each one can be signed individually and it provides
> a level of trust in not just the key but the email account and the
> physical person. You really should reconsider encrypting to an
> account that is untrusted. (That's what GnuPG is trying to tell you
> via Enigmail.)
>
> It's up to the key owner to amend the key, GnuPG can't assume that something
> can be trusted when it's just as possible to be a compromised key.
Not completely true. It's up to the key owner - OR the local user
(i.e. yourself) to amend the key. You can trust the key owner, and
you (presumably) can trust yourself.
David
More information about the Gnupg-users
mailing list