Confused about User IDs
Steven E. Harris
Mon Feb 5 05:00:01 2001
I'm having trouble understanding the use of User IDs in GnuPG. I have
an existing key that I created with reference to my personal e-mail
account. I keep the private key at home. Given that I'd also like to
use encryption when communicating with people by way of my work e-mail
address, I thought maybe I should add a User ID for the work
account. Following the instructions in the GNU Privacy Handbook, I
added this second User ID.
What purpose does having multiple IDs serve, though? Is the idea that
someone looking for my public key who knows only one of my e-mail
addresses will be able to find it?
The GNU Privacy Handbook says:
> The user IDs associated with your public master key are validated by
> the people with whom you communicate, and changing the master key
> therefore requires recertification. This may be difficult and time
> consuming if you communicate with many people.
Does that mean that when I "get my key signed," I'm really getting a
particular User ID signed? That is, are these verification signatures
bound to a particular User ID and not to the master signing key? If
this trust is split, then what's the advantage of combining multiple
User IDs under a given master signing key?
Steven E. Harris :: email@example.com
Tenzing :: http://www.tenzing.com