Different uids with different trusts?

Ronald Friedrichs gibbelwurst@yahoo.de
Thu Sep 11 20:45:01 2003

 --- David Shaw <dshaw@jabberwocky.com> schrieb: > On
Thu, Sep 11, 2003 at 06:40:07PM +0200, Ronald
> > Why is this so? Person A has self-signatures on
> > his uids and the key of A is signed by B, 
> > so why is the second uid not trusted? 
> It shouldn't be trusted.  B signed foo@a, not bar@a.
> They're not the same, even though they may reside on

> the same key. 

Ok, but let's say B sets the owner-trust of A to
"full". This means B trusts A to sign only uids which
are correct. But then, B automatically has to accept
bar@a as valid, because this uid is (self-)signed by
A. (?!)

> This prevents
> (among other things) this attack:
> 1) Trent creates a key, and gets it signed by
>    Charlie.
> 2) Baker trusts Charlie, so therefore believes that
>    Trent's key is valid.
> 3) Trent then adds a new user ID "Alice".
> 4) Baker wants to encrypt to "Alice", but which key
>    to use?  They both appear valid.

With full owner-trust in Trent, they are indeed both
valid for Baker. (Or, if Baker trust Trent more than
Alice, the key of Trent is even more valid.) And I
would consider this the right behaviour with such a
owner-trust setting -- but gpg doesn't.


> The right thing to happen is for the real Alice to
> be valid, but Trent's fake Alice to be invalid.


Gesendet von Yahoo! Mail - http://mail.yahoo.de
Logos und Klingeltöne fürs Handy bei http://sms.yahoo.de