Thomas Roessler roessler at
Mon Jan 25 23:23:09 CET 1999

On 1999-01-25 20:43:19 +0100, Werner Koch wrote:

> Maybe the reason for your confusion are the words: Originally I
> used

No.  My problem lies in the fact that gpg assigns trust ("validity")
values to public keys, not to the association between a key and a
specific user ID, as far as I can tell.  (At least I don't see any
code in list_keyblock() which looks like it dumps trust information
for a _uid_ packet, see keylist.c around line 221.)

> $ gpg --list-keys --with-colons
> pub:q:2048:1:D2262944CE6AC6C1:1997-12-23::216:f:Thomas Roessler 

This is only information about the key and, maybe, about one user ID
of that key.

That doesn't suffice.  Think about keys like this one:


% pgp -kcc 0x93478f6b

Type Bits/KeyID    Date       User ID
pub  2048/93478F6B 1997/06/17 Fake alert. Don't use this key. % f-1
sig!      DD08DD6D 1997/06/19  Roland Rosenfeld <roland at>
sig!*     593238E1 1997/06/19  Thomas Roessler <roessler at>
                              in-ca at SIGN EXPIRE:1998-12-31 Root CA des Individual Network e.V. <in-ca at>
sig!      93478F6B 1997/06/17  Fake alert. Don't use this key. % f-1
sig!      9D4AED4B 1997/06/17  Fake alert. Don't use this key. % f-2


Or think about a key which has a certified user ID and self-signs
another, bogus ID.  The user must be able to tell the trusted ID
from the untrusted one.

Thomas Roessler · 74a353cc0b19 · dg1ktr ·
     2048/CE6AC6C1 · 4E 04 F0 BC 72 FF 14 23 44 85 D1 A1 3B B0 73 C1
> Hi!  I'm Signature Virus 99!  Copy me into your signature and join the fun!

More information about the Gnupg-devel mailing list