How trust works in gpg...
Sven Radde
email at sven-radde.de
Tue Apr 15 15:11:48 CEST 2008
Stan Tobias schrieb:
> If a public key has a UID1, which I already
> trust, and a new UID2 is added, why can't I infer trust for the new uid?
> (...)
> So the
> only person that could have added UID2 is the one that is in control of
> UID1 (supposedly, it's the same person). Why is there a need to check
> anything?
>
Because you do not know whether the owner of UID1 is also the owner of UID2.
Let's say, someone trusts my key and my user-id on that key.
Now, I add another ID: "Stan Tobias <sttob at mailshack.com>"...
No good idea to trust that without checking, is it?
cu, Sven
More information about the Gnupg-users
mailing list