wk at isil.d.shuttle.de
Fri Jan 16 16:47:20 CET 1998
While implementing the Trust-Logic, this question arose:
What are the reasons that PGP handles all user-ids independently? It is
time consuming to sign every user-ids and it blows up the size of the
I don't understand the security issues with this. I think it is good enough
to just sign the first user-id and to do the trust check based on this.
More user-ids may be added with a self-signature and trust is calculated
user-id carrying the signatures (of course after validating the self-signature
of the specifies user-id).
If the user has the option to re-assign the order of user-ids, he his also
able to indicate preferred mail addresses.
Werner Koch, Duesseldorf - werner.koch at guug.de - PGP keyID: 0C9857A5
More information about the Gnupg-devel