How trust works in gpg...

Michael Kesper mkallas at
Tue Apr 15 12:21:43 CEST 2008


On Tue, Apr 15, 2008 at 12:42:43AM +0200, Herbert Furting wrote:
> On Mon, 2008-04-14 at 23:20 +0100, Peter Lewis wrote:
> > Ah yes, thanks. So I have now set the owner-trust for his key to "full", but 
> > still it says "unknown" for the other UIDs. So, I should manually set the 
> > trust for keys / UIDs that I think I trust based on who has signed them?
> Sorry,.. I haven't read your initial post correctly.
> As David said in the meantime new UIDs are of course _not_ recognised
> automatically (a user could simply add a completely wrong name). You
> have to sign the UID (better said, key+UID).
> You should only do so, if the name is the same (or if you know that the
> key holder goes by that name).
> If the new UID just contains a new email address, you should really
> check if the keyholder "controlls" that email address.
> You can do so, by sending him an encrypted challenge.

I remember Werner saying that this was just nonsense.
Werner, can you correct me if I'm wrong?

Best wishes
Free Software Foundation Europe (FSFE) []         (
Join the Fellowship of FSFE!         [][][]       (
Your donation powers our work!         []  (

More information about the Gnupg-users mailing list