Matching a key with other emails

David Shaw dshaw at
Mon Nov 17 14:17:21 CET 2003

On Mon, Nov 17, 2003 at 06:46:07PM +0000, Neil Williams wrote:

> GnuPG can't tell the difference, even if you might. Hotmail is
> hardly going to help you confirm it is the same person. The whole
> point of the web-of-trust is that it is easy to setup these
> secondary UID's, each one can be signed individually and it provides
> a level of trust in not just the key but the email account and the
> physical person. You really should reconsider encrypting to an
> account that is untrusted. (That's what GnuPG is trying to tell you
> via Enigmail.)
> It's up to the key owner to amend the key, GnuPG can't assume that something 
> can be trusted when it's just as possible to be a compromised key.

Not completely true.  It's up to the key owner - OR the local user
(i.e. yourself) to amend the key.  You can trust the key owner, and
you (presumably) can trust yourself.


More information about the Gnupg-users mailing list