IDs, signatures and all that stuff

Martin Christensen factotum@gvdnet.dk
Mon Mar 11 16:17:01 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Howdy!

I've been trying to make sense of signatures and multiple IDs. If
someone signs my public key and I subsequently create a new ID for
that key, then it is not the case that the new ID by transitivity is
signed by the signer. This makes perfect sense: if the signer can
verify my identity as Dr. Jekyll and signs that ID, that does not mean
that he will vouch for any Mr. Hyde IDs used for eating small children
afterwards.

But then people say that creating new IDs for an old key is better
than creating an entirely new key, since creating a new key means that
I have to start collecting signatures all over again. But by doing so,
will I be that much better helped? Sure, people can see that my
_other_ IDs have been signed, but that will require more than a quick
glance, which is more than many people will give to most keys.

Am I missing something here?

Martin

- -- 
Homepage:       http://www.cs.auc.dk/~factotum/
GPG public key: http://www.cs.auc.dk/~factotum/gpgkey.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Using Mailcrypt+GnuPG <http://www.gnupg.org>

iEYEARECAAYFAjyMyGsACgkQYu1fMmOQldXLWQCdEPEqTOcgIDCAsIYN13n/+DrU
twsAn3DaIYRApoW8VLjD603JSaVnUolv
=I/A5
-----END PGP SIGNATURE-----
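
The point raised in the message above, that a certification covers one user ID and not the key as a whole, shown as an added example that is not part of the original post. It reads a constructed listing in the style of `gpg --with-colons --list-sigs` (key IDs and names are made up) and reports, per user ID, which other keys certified it; revocations and expiry are ignored.

```python
# Constructed sample, modelled on GnuPG's colon-delimited listing format.
# Field 1 = record type, field 5 = key ID, field 10 = user ID,
# field 11 = signature class (on sig records).
SAMPLE = """\
pub:u:2048:1:AAAAAAAAAAAAAAAA:1015804800:::u:::scESC:
uid:u::::1015804800::::Dr. Jekyll <jekyll@example.org>:
sig:::1:AAAAAAAAAAAAAAAA:1015804800::::Dr. Jekyll <jekyll@example.org>:13x:
sig:::1:BBBBBBBBBBBBBBBB:1015891200::::Signer <signer@example.org>:10x:
uid:u::::1015977600::::Mr. Hyde <hyde@example.org>:
sig:::1:AAAAAAAAAAAAAAAA:1015977600::::Dr. Jekyll <jekyll@example.org>:13x:
sub:u:2048:1:CCCCCCCCCCCCCCCC:1015804800::::::e:
sig:::1:AAAAAAAAAAAAAAAA:1015804800::::Dr. Jekyll <jekyll@example.org>:18x:
"""

# OpenPGP signature classes 0x10-0x13 are certifications of a user ID.
CERT_CLASSES = {"10", "11", "12", "13"}


def third_party_certs(colon_listing):
    """Map each user ID of one key to the key IDs of *other* keys certifying it."""
    certs = {}
    primary = None      # key ID of the key being listed
    current_uid = None  # user ID that following sig records belong to
    for line in colon_listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            primary, current_uid = f[4], None
        elif f[0] == "uid":
            current_uid = f[9]
            certs[current_uid] = []
        elif f[0] in ("sub", "uat"):
            # Signatures after these records are not on a text user ID.
            current_uid = None
        elif f[0] == "sig" and current_uid is not None:
            is_cert = f[10][:2] in CERT_CLASSES
            if is_cert and f[4] != primary:  # skip self-signatures
                certs[current_uid].append(f[4])
    return certs


def uncertified_uids(colon_listing):
    """User IDs that carry no certification from any key but their own."""
    return [uid for uid, signers in third_party_certs(colon_listing).items()
            if not signers]


if __name__ == "__main__":
    for uid, signers in third_party_certs(SAMPLE).items():
        print(f"{uid}: {', '.join(signers) or 'self-signed only'}")
```
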