trust?
Thomas Roessler
roessler at guug.de
Mon Jan 25 23:23:09 CET 1999
On 1999-01-25 20:43:19 +0100, Werner Koch wrote:
> Maybe the reason for your confusion are the words: Originally I
> used
No. My problem lies in the fact that gpg assigns trust ("validity")
values to public keys, not to the association between a key and a
specific user ID, as far as I can tell. (At least I don't see any
code in list_keyblock() which looks like it dumps trust information
for a _uid_ packet, see keylist.c around line 221.)
> $ gpg --list-keys --with-colons
> pub:q:2048:1:D2262944CE6AC6C1:1997-12-23::216:f:Thomas Roessler
This is only information about the key and, maybe, about one user ID
of that key.
That doesn't suffice. Think about keys like this one:
------------------------------
% pgp -kcc 0x93478f6b
Type Bits/KeyID Date User ID
pub 2048/93478F6B 1997/06/17 Fake alert. Don't use this key. % f-1
sig! DD08DD6D 1997/06/19 Roland Rosenfeld <roland at spinnaker.rhein.de>
sig!* 593238E1 1997/06/19 Thomas Roessler <roessler at guug.de>
in-ca at individual.net SIGN EXPIRE:1998-12-31 Root CA des Individual Network e.V. <in-ca at individual.net>
sig! 93478F6B 1997/06/17 Fake alert. Don't use this key. % f-1
sig! 9D4AED4B 1997/06/17 Fake alert. Don't use this key. % f-2
------------------------------
Or think about a key which has a certified user ID and self-signs
another, bogus ID. The user must be able to tell the trusted ID
from the untrusted one.
tlr
--
Thomas Roessler · 74a353cc0b19 · dg1ktr · http://home.pages.de/~roessler/
2048/CE6AC6C1 · 4E 04 F0 BC 72 FF 14 23 44 85 D1 A1 3B B0 73 C1
> Hi! I'm Signature Virus 99! Copy me into your signature and join the fun!
More information about the Gnupg-devel
mailing list