Different uids with different trusts?

David Shaw dshaw@jabberwocky.com
Thu Sep 11 19:14:02 2003


On Thu, Sep 11, 2003 at 06:40:07PM +0200, Ronald Friedrichs wrote:
> Hi,
> 
> I'm using GnuPG 1.2.3 (from Debian unstable) and have
> the following problem:
> 
> Person A has two uids (let's say foo@a and bar@a) in
> his key, from which person B signed one (e.g. before
> person A added the second uid, let's say person B's
> signature is on uid foo@a). If person B now wants to
> encrypt to foo@a using
> 
> gpg -e -r foo@a
> 
> everything goes smoothly, but as soon as person B tries
> to encrypt to bar@a using
> 
> gpg -e -r bar@a
> 
> he gets "There is no indication that this key really
> belongs to the owner". 
> 
> Why is this so? Person A has self-signatures on his
> uids and the key of A is signed by B, so why is the
> second uid not trusted? 

It shouldn't be trusted.  B signed foo@a, not bar@a.  They're not the
same, even though they may reside on the same key.  This prevents
(among other things) this attack:

1) Trent creates a key, and gets it signed by Charlie.
2) Baker trusts Charlie, so therefore believes that Trent's key is
   valid.
3) Trent then adds a new user ID "Alice".
4) Baker wants to encrypt to "Alice", but which key to use?  They both
   appear valid.

The right thing to happen is for the real Alice to be valid, but
Trent's fake Alice to be invalid.

David
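
The Trent/Alice scenario from the reply above, as an added example that is not part of the original message and not GnuPG code. It is a simplified model that assumes one fully trusted signer and no marginal trust, and it assumes Charlie also certified the real Alice. The key IDs and the `per_uid` switch are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Key:
    keyid: str
    # user ID -> key IDs that certified that user ID (self-signatures not counted)
    uids: dict = field(default_factory=dict)

def uid_is_valid(key, uid, trusted, per_uid=True):
    """Decide whether `uid` on `key` is valid for a user who trusts `trusted`."""
    if per_uid:
        # Rule described in the reply: a certification covers only the
        # user ID it was made on, not the other user IDs on the same key.
        return bool(key.uids.get(uid, set()) & trusted)
    # Hypothetical key-wide rule, shown for contrast: one certified user ID
    # would make every user ID on the key valid.
    return uid in key.uids and any(s & trusted for s in key.uids.values())

def usable_keys(keyring, recipient, trusted, per_uid=True):
    """Key IDs that may be used to encrypt to `recipient`."""
    return [k.keyid for k in keyring
            if recipient in k.uids and uid_is_valid(k, recipient, trusted, per_uid)]

def scenario():
    """Replay steps 1-4 with constructed key IDs and compare both rules."""
    charlie = "CHARLIE"                          # Baker trusts Charlie
    trusted = {charlie}
    trent = Key("TRENT", {"Trent": {charlie}})   # step 1: Charlie signs Trent
    alice = Key("ALICE", {"Alice": {charlie}})   # assumption: real Alice is certified
    trent.uids["Alice"] = set()                  # step 3: new uid, self-signed only
    ring = [trent, alice]
    return {
        "per_uid": usable_keys(ring, "Alice", trusted),
        "key_wide": usable_keys(ring, "Alice", trusted, per_uid=False),
        "trent_as_trent": usable_keys(ring, "Trent", trusted),
    }

if __name__ == "__main__":
    for rule, keys in scenario().items():
        print(rule, keys)
```

Under the per-user-ID rule only the real Alice's key is offered for "Alice", while Trent's key stays usable under its certified user ID; under the key-wide rule both keys would appear valid, which is the ambiguity in step 4.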