How trust works in gpg...
mkallas at schokokeks.org
Tue Apr 15 12:21:43 CEST 2008
On Tue, Apr 15, 2008 at 12:42:43AM +0200, Herbert Furting wrote:
> On Mon, 2008-04-14 at 23:20 +0100, Peter Lewis wrote:
> > Ah yes, thanks. So I have now set the owner-trust for his key to "full", but
> > still it says "unknown" for the other UIDs. So, I should manually set the
> > trust for keys / UIDs that I think I trust based on who has signed them?
> Sorry,.. I haven't read your initial post correctly.
> As David said in the meantime new UIDs are of course _not_ recognised
> automatically (a user could simply add a completely wrong name). You
> have to sign the UID (better said, key+UID).
> You should only do so, if the name is the same (or if you know that the
> key holder goes by that name).
> If the new UID just contains a new email address, you should really
> check if the keyholder "controlls" that email address.
> You can do so, by sending him an encrypted challenge.
I remember Werner saying that this was just nonsense.
Werner, can you correct me if I'm wrong?
Free Software Foundation Europe (FSFE)  (http://fsfeurope.org)
Join the Fellowship of FSFE!  (http://fsfe.org/join)
Your donation powers our work!  (http://fsfeurope.org/donate)
More information about the Gnupg-users