How trust works in gpg...

Sven Radde email at sven-radde.de
Tue Apr 15 15:11:48 CEST 2008


Stan Tobias schrieb:
> If a public key has a UID1, which I already
> trust, and a new UID2 is added, why can't I infer trust for the new uid?
> (...) 
> So the
> only person that could have added UID2 is the one that is in control of
> UID1 (supposedly, it's the same person).  Why is there a need to check
> anything?
>   
Because you do not know whether the owner of UID1 is also the owner of UID2.

Let's say, someone trusts my key and my user-id on that key.
Now, I add another ID: "Stan Tobias <sttob at mailshack.com>"...
No good idea to trust that without checking, is it?

cu, Sven



More information about the Gnupg-users mailing list