multiple keys vs multiple identities

Simon Richter Simon.Richter at hogyros.de
Fri Sep 24 16:30:56 CEST 2010


Hi,

On Fri, Sep 24, 2010 at 10:00:40AM -0400, Daniel Kahn Gillmor wrote:

> > It'd be nice if there was a signature notation that specifies which
> > UID(s) this signature would be valid for.

> Unless i'm misunderstanding your suggestion, there is no need for such a
> notation -- OpenPGP certifications are made over a single User ID and
> its associated primary key.  If you certify someone's key and they have
> three User IDs, and you only can vouch for two of them, you should only
> certify those two.

Of course. I was talking about data signatures, i.e. "I'm signing this
with my work hat on".

The main use case I have is my Debian work -- when I sign a .changes
file, the Debian archive will accept it, even if the package in question
was really intended for another repository (where I use the same key for
authentication).

As my main key is well-established in the WoT, I'd like to use the
existing connections to get a trust path; however using the key directly
leads to the problem that the signature can be interpreted in multiple
ways.

   Simon



More information about the Gnupg-users mailing list