Different uids with different trusts?

David Shaw dshaw@jabberwocky.com
Thu Sep 11 20:58:04 2003


On Thu, Sep 11, 2003 at 08:45:57PM +0200, Ronald Friedrichs wrote:
>  --- David Shaw <dshaw@jabberwocky.com> schrieb: > On
> Thu, Sep 11, 2003 at 06:40:07PM +0200, Ronald
> > > Why is this so? Person A has self-signatures on
> > > his uids and the key of A is signed by B, 
> > > so why is the second uid not trusted? 
> > 
> > It shouldn't be trusted.  B signed foo@a, not bar@a.
> > They're not the same, even though they may reside on
> 
> > the same key. 
> 
> Ok, but let's say B sets the owner-trust of A to
> "full". This means B trusts A to sign only uids which
> are correct. But then, B automatically has to accept
> bar@a as valid, because this uid is (self-)signed by
> A. (?!)

It doesn't work that way.  Self-signatures do not count in the web of
trust.

> > This prevents
> > (among other things) this attack:
> > 
> > 1) Trent creates a key, and gets it signed by
> >    Charlie.
> > 2) Baker trusts Charlie, so therefore believes that
> >    Trent's key is valid.
> > 3) Trent then adds a new user ID "Alice".
> > 4) Baker wants to encrypt to "Alice", but which key
> >    to use?  They both appear valid.
> 
> With full owner-trust in Trent, they are indeed both
> valid for Baker. (Or, if Baker trust Trent more than
> Alice, the key of Trent is even more valid.) And I
> would consider this the right behaviour with such a
> owner-trust setting -- but gpg doesn't.

Neither does PGP, because that just not how the web of trust works.
If it worked the way you describe, then it would be open to trivial
spoofing attacks.

David