export single UID of a key

[David Shaw]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Apr 09, 2003 at 02:52:48AM +0200, Michael Nahrath wrote:
> David Shaw <dshaw@jabberwocky.com> schrieb am 2003-04-09 00:00:
> 
> >>>> 2. Sign only one UID and send it in an encrypted mail to this UID's mail
> >>>> address.
> >>>> Do this for every UID in a key seperately.
> >>>> Do _not_ keep these signatures in your normal keyring.
> >>>> If the key owner uploads the signatures to the keyservers he prooves that
> >>>> he owns the secret key. You get your signature back via '--refresh-keys'.
> >>> 
> >>> Note that this doesn't really give you what you want in all cases.
> 
> >> Pure Certification keys or UIDs without e-mail address can't be checked that
> >> way -- but they can't be checked with an encrypted chelange either.
> > 
> > So don't encrypt the challenge.  Encrypting the challenge doesn't buy
> > you any additional security.  You don't need confidentiality here -
> > you need identity confirmation.
> 
> OK, that is the point!
> 
> I guess I was not alone in the misunderstanding, that the main validation
> feature in the callange was the ability to _decrypt_ the callenge-cookie.
> 
> Thank you for clearing this!
>  
> >> AFAIKS the signatures are only detached to the UID parts, at least this is
> >> how GPG and the keyservers display it.
> > 
> > Nevertheless, you are signing the primary key plus the user ID.  It
> > doesn't matter how programs display it for human consumption.
> 
> How does this fit to the fact that trust to a (primary-) key gets lost if a
> user ID is revoked?

This is actually a good thing.  Since you are signing {primary,uid},
if the uid is no longer usable then your signature should certainly no
longer be used.  The uid being revoked breaks a part of the "contract"
you have with the key owner.

> Is there any mechanism to sign somebody else's primary key without signing
> any of his UIDs? 

Well, yes, and no.  OpenPGP defines a "direct key signature", which is
a signature on the primary key only.  However, GnuPG doesn't accept it
as part of the web of trust.  I'm actually not sure if PGP does,
either.  Both programs use it for special key features (like
designated revokers).  Neither program allows users to make direct key
signatures on other people's keys.

Using a direct key signature is a bit like giving unconditional trust
("I can't confirm who this person is, but I trust the key belongs to
them anyway").  I think it could be useful in special cases where
those somewhat weird semantics don't matter, but it just isn't that
useful the rest of the time.

> > You are signing the primary key... but giving someone with access to
> > only the decryption key the ability to use your signature.  Signing A,
> > but giving B access to it.  A and B are not necessarily the same
> > person.
> 
> Maybe this a bit overparanoid two days after a keysigning party where each
> of the key owners presented his/her idendity and key-data in person.
> Many people find this alone enough to sign keys. E-mail validation is only
> be an extra-bonus.
> 
> But I understand that technical security is not about probability but about
> (even theoretical) possibility ;-)

Exactly :)  The stronger everyone is in making their own signatures,
the better the web of trust is overall.  People who only need weak
checks can still use the strong links, but people who need strong
links can't use weak checks.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2rc1 (GNU/Linux)
Comment: http://www.jabberwocky.com/david/keys.asc

iD8DBQE+k5bP4mZch0nhy8kRAvQpAJ0dd1k9h4Hv1saVLET3e0cdc3x19QCgmhXT
P5BvDexd9xQy9JdnjhAMbog=
=2IC6
-----END PGP SIGNATURE-----