Self-sigs with trusted key

David Shaw dshaw at
Sun May 30 14:15:17 CEST 2004

On Sun, May 30, 2004 at 05:01:56PM +0700, Ivan Boldyrev wrote:
> I have Werner's key:
> pub  1024D/5B0358A2  created: 1999-03-15  expires: 2009-07-11
>                      trust: full          validity: full
> sub  2048R/B604F148  created: 2004-03-21  expires: 2005-12-31
> sub  1024D/010A57ED  created: 2004-03-21  expires: 2007-12-31
> [    full] (1). Werner Koch <wk@***.org>
> [    full] (2)  Werner Koch
> [ unknown] (3)  Werner Koch <wk@***.com>
> You see, key is trusted and valid.  Third user ID is signed by Werner
> but is not signed by anyone of my ring, but first and second IDs are
> signed by other trusted persons and valid then.
> I do not understand why third UID is not valid while it has self-sig
> with trusted key?

That's now how trust works.  You can't sign your own key to make it
valid.  Neither can Werner ;)

If you think about it, this makes sense.  If this wasn't true, then
there would be no point in having different validity levels on
different user IDs since all user IDs would become as trusted as the
key as a whole.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 250 bytes
Desc: not available
Url : /pipermail/attachments/20040530/63a20962/attachment-0001.bin

More information about the Gnupg-users mailing list