Selecting primary UID

Lee Evans lee@vital.co.uk
Tue Jun 26 12:36:01 2001 

gnupg-users@gnupg.org


>    Lee> some way validates the authenticity of the key, rather than

>    Lee> myself personally.



> Again, your UID don't even appear anywhere in the key signature. Suppose

> you retrieve Phillip Zimmermann public key from a public key server.

> You'll have about twenty signatures claiming he is the real one. Try a

> gpg --check-sig zimmermann : what you'll see are not user ID but key IDs.


Well, if I do gpg --check-sig blah, the line pertaining to my
signature is as follows:

   "sig!      77856D96 2001-06-21 Lee Evans (Lee Evans Vital
Online) <lee@vital.co.uk>"

This would suggest that I have signed it in my role as an agent
of Vital Online. I am no legal expert, but it would be arguable
that this could imply that I , having signed it as an agent of
said company have signed it with the authority of Vital Online,
and thus that they have retrospectively verified they key
themselves. Since I can find no legal precedent for such things,
I am basing these assumptions on email related case law, as that
is, IMHO, probably the closest material, and something that would
probably be cited should such a case ever arise. As you can see
at the bottom of my mail, it is now common practice for employees
to put disclaimers at the bottom of mails, explicitly stating
that views contained in said mail do not necessarily reflect the
views of the company. Since no similar disclaimer is present in
my UID, it could, as I say, be argued that my company themselves
are verifying the validity of the key through my signature.



> If you part your company one day, just -revoke- your company user ID and

> send the modified key to a public keyserver. That way this ID won't show

> up again or will show a [revoked] next to it.


I thought about that - the thing is, you can't infact revoke a
user ID, just the associated self-signature. The UID will still
remain with the key, and I assume the previously signed keys will
retain the details they picked when I signed them.

Thanks
Lee
-- 
Lee Evans
Vital Online Ltd

This  message is intended only for the use of the person(s) ("The
intended recipient(s)")  to  whom it is addressed.  It may
contain
information which is privileged and confidential within  the  
meaning  of  applicable law.  If you are not the intended 
recipient,
please  contact the sender as soon as possible.  The views
expressed
in this communication may not necessarily be the views held by
Vital Online Ltd.