Selecting primary UID
Tue Jun 26 12:36:01 2001
> Lee> some way validates the authenticity of the key, rather than
> Lee> myself personally.
> Again, your UID don't even appear anywhere in the key signature. Suppose
> you retrieve Phillip Zimmermann public key from a public key server.
> You'll have about twenty signatures claiming he is the real one. Try a
> gpg --check-sig zimmermann : what you'll see are not user ID but key IDs.
Well, if I do gpg --check-sig blah, the line pertaining to my
signature is as follows:
"sig! 77856D96 2001-06-21 Lee Evans (Lee Evans Vital
This would suggest that I have signed it in my role as an agent
of Vital Online. I am no legal expert, but it would be arguable
that this could imply that I , having signed it as an agent of
said company have signed it with the authority of Vital Online,
and thus that they have retrospectively verified they key
themselves. Since I can find no legal precedent for such things,
I am basing these assumptions on email related case law, as that
is, IMHO, probably the closest material, and something that would
probably be cited should such a case ever arise. As you can see
at the bottom of my mail, it is now common practice for employees
to put disclaimers at the bottom of mails, explicitly stating
that views contained in said mail do not necessarily reflect the
views of the company. Since no similar disclaimer is present in
my UID, it could, as I say, be argued that my company themselves
are verifying the validity of the key through my signature.
> If you part your company one day, just -revoke- your company user ID and
> send the modified key to a public keyserver. That way this ID won't show
> up again or will show a [revoked] next to it.
I thought about that - the thing is, you can't infact revoke a
user ID, just the associated self-signature. The UID will still
remain with the key, and I assume the previously signed keys will
retain the details they picked when I signed them.
Vital Online Ltd
This message is intended only for the use of the person(s) ("The
intended recipient(s)") to whom it is addressed. It may
information which is privileged and confidential within the
meaning of applicable law. If you are not the intended
please contact the sender as soon as possible. The views
in this communication may not necessarily be the views held by
Vital Online Ltd.