Multiple User-Ids

Werner Koch wk at
Fri Jan 16 16:47:20 CET 1998

While implementing the Trust-Logic, this question arose:

What are the reasons that PGP handles all user-ids independently?  It is 
time consuming to sign every user-ids and it blows up the size of the 

I don't understand the security issues with this.  I think it is good enough
to just sign the first user-id and to do the trust check based on this.
More user-ids may be added with a self-signature and trust is calculated
user-id carrying the signatures (of course after validating the self-signature
of the specifies user-id).

If the user has the option to re-assign the order of user-ids, he his also
able to indicate preferred mail addresses. 

Any opinions?

Werner Koch, Duesseldorf  -   werner.koch at   -  PGP keyID: 0C9857A5

More information about the Gnupg-devel mailing list