Different uids with different trusts?
Ronald Friedrichs
gibbelwurst@yahoo.de
Thu Sep 11 20:45:01 2003
--- David Shaw <dshaw@jabberwocky.com> wrote:
> On Thu, Sep 11, 2003 at 06:40:07PM +0200, Ronald
> > Why is this so? Person A has self-signatures on
> > his uids and the key of A is signed by B,
> > so why is the second uid not trusted?
>
> It shouldn't be trusted. B signed foo@a, not bar@a.
> They're not the same, even though they may reside on
> the same key.
Ok, but let's say B sets the owner-trust of A to
"full". This means B trusts A to sign only uids which
are correct. But then, B automatically has to accept
bar@a as valid, because this uid is (self-)signed by
A. (?!)
> This prevents
> (among other things) this attack:
>
> 1) Trent creates a key, and gets it signed by
> Charlie.
> 2) Baker trusts Charlie, so therefore believes that
> Trent's key is valid.
> 3) Trent then adds a new user ID "Alice".
> 4) Baker wants to encrypt to "Alice", but which key
> to use? They both appear valid.
With full owner-trust in Trent, they are indeed both
valid for Baker. (Or, if Baker trusts Trent more than
Alice, the key of Trent is even more valid.) And I
would consider this the right behaviour with such an
owner-trust setting -- but gpg doesn't.
Ronald
> The right thing to happen is for the real Alice to
> be valid, but Trent's fake Alice to be invalid.
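The per-user-ID rule discussed in this thread, as an added example that is not part of the original messages and not GnuPG's code: a simplified validity model for the Trent/Charlie/Baker scenario, showing what changes if self-signatures from a fully trusted owner are counted. It assumes one certification from a fully trusted, valid key is sufficient and that Charlie also certified the real Alice; the names `uid_validity`, `valid_alice_keys` and `count_self_sigs` are hypothetical.

```python
# Simplified per-user-ID validity model (added example; not GnuPG's trust code).
# Assumption: one certification from a fully trusted, valid key is sufficient.

def uid_validity(keys, ultimate, full_trust, count_self_sigs=False):
    """keys maps owner -> {uid: set of certifying owners}.
    Returns {(owner, uid): bool} from the point of view of `ultimate`."""
    valid = {(o, u): False for o, uids in keys.items() for u in uids}

    def key_is_valid(owner):
        # A key can act as an introducer once any of its user IDs is valid.
        return any(valid[(owner, u)] for u in keys.get(owner, {}))

    changed = True
    while changed:  # iterate to a fixed point so evaluation order is irrelevant
        changed = False
        for owner, uids in keys.items():
            for uid, signers in uids.items():
                if valid[(owner, uid)]:
                    continue
                for s in signers:
                    if s == ultimate:
                        ok = True  # our own certification always counts
                    elif s == owner and not count_self_sigs:
                        ok = False  # a self-signature is not third-party evidence
                    else:
                        ok = s in full_trust and key_is_valid(s)
                    if ok:
                        valid[(owner, uid)] = changed = True
                        break
    return valid

# Constructed scenario from the thread; Charlie certifying the real Alice is assumed.
KEYS = {
    "baker":   {"Baker": {"baker"}},
    "charlie": {"Charlie": {"charlie", "baker"}},
    "trent":   {"Trent": {"trent", "charlie"}, "Alice": {"trent"}},
    "alice":   {"Alice": {"alice", "charlie"}},
}

def valid_alice_keys(full_trust, count_self_sigs):
    """Owners of keys whose "Alice" user ID Baker would consider valid."""
    v = uid_validity(KEYS, "baker", full_trust, count_self_sigs)
    return sorted(o for (o, u), ok in v.items() if u == "Alice" and ok)

if __name__ == "__main__":
    print(valid_alice_keys({"charlie"}, False))           # per-uid rule
    print(valid_alice_keys({"charlie", "trent"}, False))  # Trent trusted, self-sigs ignored
    print(valid_alice_keys({"charlie", "trent"}, True))   # self-sigs counted
```

Only the third call leaves Baker with two keys that both carry a valid "Alice" user ID, which is the ambiguity the quoted attack steps describe.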