How trust works in gpg...
Peter Lewis
prlewis at letterboxes.org
Tue Apr 15 15:33:08 CEST 2008
On Tuesday 15 April 2008 at 14:11:48 Sven Radde wrote:
> Stan Tobias schrieb:
> > If a public key has a UID1, which I already
> > trust, and a new UID2 is added, why can't I infer trust for the new uid?
> > (...)
> > So the
> > only person that could have added UID2 is the one that is in control of
> > UID1 (supposedly, it's the same person). Why is there a need to check
> > anything?
>
> Because you do not know whether the owner of UID1 is also the owner of
> UID2.
>
> Let's say, someone trusts my key and my user-id on that key.
> Now, I add another ID: "Stan Tobias <sttob at mailshack.com>"...
> No good idea to trust that without checking, is it?
But isn't that the point of signing new UID's with the original one?
Pete.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20080415/aea4f72d/attachment.pgp>
More information about the Gnupg-users
mailing list