Selecting primary UID

Lee Evans lee@vital.co.uk
Tue Jun 26 12:36:01 2001


gnupg-users@gnupg.org


> Lee> some way validates the authenticity of the key, rather than
> Lee> myself personally.

> Again, your UID don't even appear anywhere in the key signature. Suppose
> you retrieve Phillip Zimmermann public key from a public key server.
> You'll have about twenty signatures claiming he is the real one. Try a
> gpg --check-sig zimmermann : what you'll see are not user ID but key IDs.
Well, if I do gpg --check-sig blah, the line pertaining to my signature is as follows: "sig! 77856D96 2001-06-21 Lee Evans (Lee Evans Vital Online) <lee@vital.co.uk>" This would suggest that I have signed it in my role as an agent of Vital Online. I am no legal expert, but it would be arguable that this could imply that I , having signed it as an agent of said company have signed it with the authority of Vital Online, and thus that they have retrospectively verified they key themselves. Since I can find no legal precedent for such things, I am basing these assumptions on email related case law, as that is, IMHO, probably the closest material, and something that would probably be cited should such a case ever arise. As you can see at the bottom of my mail, it is now common practice for employees to put disclaimers at the bottom of mails, explicitly stating that views contained in said mail do not necessarily reflect the views of the company. Since no similar disclaimer is present in my UID, it could, as I say, be argued that my company themselves are verifying the validity of the key through my signature.
> If you part your company one day, just -revoke- your company user ID and
> send the modified key to a public keyserver. That way this ID won't show
> up again or will show a [revoked] next to it.
I thought about that - the thing is, you can't infact revoke a user ID, just the associated self-signature. The UID will still remain with the key, and I assume the previously signed keys will retain the details they picked when I signed them. Thanks Lee -- Lee Evans Vital Online Ltd This message is intended only for the use of the person(s) ("The intended recipient(s)") to whom it is addressed. It may contain information which is privileged and confidential within the meaning of applicable law. If you are not the intended recipient, please contact the sender as soon as possible. The views expressed in this communication may not necessarily be the views held by Vital Online Ltd.