How trust works in gpg...

David Shaw dshaw at jabberwocky.com
Tue Apr 15 19:45:33 CEST 2008


On Tue, Apr 15, 2008 at 02:33:08PM +0100, Peter Lewis wrote:
> On Tuesday 15 April 2008 at 14:11:48 Sven Radde wrote:
> > Stan Tobias schrieb:
> > > If a public key has a UID1, which I already
> > > trust, and a new UID2 is added, why can't I infer trust for the new uid?
> > > (...)
> > > So the
> > > only person that could have added UID2 is the one that is in control of
> > > UID1 (supposedly, it's the same person).  Why is there a need to check
> > > anything?
> >
> > Because you do not know whether the owner of UID1 is also the owner of
> > UID2.
> >
> > Let's say, someone trusts my key and my user-id on that key.
> > Now, I add another ID: "Stan Tobias <sttob at mailshack.com>"...
> > No good idea to trust that without checking, is it?
> 
> But isn't that the point of signing new UIDs with the original one?

That's not how signing works.  You don't sign a UID with a UID.  You
sign a UID with a key.

KEY = The primary key.  It can issue signatures.
UID = A name
SIG = A signature that is made on the combination of KEY+UID.
SELFSIG = Same as SIG, but issued yourself (i.e. by KEY).

When you make a key, you end up with (leaving out subkeys for now):

  KEY + UID + SELFSIG

If someone wants to sign your key, you then end up with:

  KEY + UID + SELFSIG + SIG

So SELFSIG is you saying "I bind this KEY and UID together", and SIG
is the other person saying "Me too".

If you add another UID at this point, you have:

  KEY + UID + SELFSIG + SIG + UID + SELFSIG

Now, note that the other person hasn't made any statement about
whether the second UID is valid.  YOU have, but then, it's your key:
you can make any statement you like.  It only becomes believable when
someone else adds their "me too".

David
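As an added illustration (not part of David's message, nor GnuPG's own code), the Python below models the keyblock layout described above: every signature, the self-signature included, is computed by a KEY over the KEY+UID combination, never by one UID over another, and a verifier believes a UID only once a key it trusts has added its own "me too" SIG. It assumes a toy textbook-RSA signature (no padding, small keys) in place of the real OpenPGP algorithms, and the names Alice and Bob and the example addresses are constructed.

```python
"""Model of how OpenPGP binds a user ID (UID) to a key with signatures.

A UID is never signed "by" another UID: every signature, the SELFSIG
included, is made by a KEY over the combination KEY+UID.  The signature
scheme below is textbook RSA over a SHA-256 digest (no padding, toy key
sizes); it stands in for the real OpenPGP algorithms and is for
illustration only.
"""
import hashlib
import random
from dataclasses import dataclass, field


# ---- toy RSA keys and signatures (assumption: stands in for OpenPGP) ----

def is_probable_prime(n, rounds=25):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


@dataclass
class Signature:
    signer_n: int  # identifies the KEY that issued the signature
    value: int     # RSA signature over digest(KEY + UID)


@dataclass
class UserID:
    name: str
    sigs: list = field(default_factory=list)


@dataclass
class Key:
    n: int
    e: int
    d: int  # private exponent: only the owner can issue signatures
    uids: list = field(default_factory=list)

    @staticmethod
    def generate(bits=512):
        e = 65537
        while True:
            p, q = random_prime(bits // 2), random_prime(bits // 2)
            phi = (p - 1) * (q - 1)
            if p != q and phi % e != 0:
                return Key(p * q, e, pow(e, -1, phi))


def digest(key_n, uid):
    """The signed material is the KEY and the UID together, not the UID alone."""
    data = key_n.to_bytes((key_n.bit_length() + 7) // 8, "big") + uid.encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")  # < 2**256 < n


def sign_uid(signer, target, uid):
    return Signature(signer.n, pow(digest(target.n, uid), signer.d, signer.n))


def verify_sig(sig, signer_n, signer_e, target, uid):
    return pow(sig.value, signer_e, signer_n) == digest(target.n, uid)


def add_uid(owner, name):
    """KEY + UID + SELFSIG: the owner binds the new UID to the key."""
    uid = UserID(name, [sign_uid(owner, owner, name)])
    owner.uids.append(uid)
    return uid


def certify(signer, target, name):
    """A third party adds its "me too" SIG over the same KEY+UID."""
    uid = next(u for u in target.uids if u.name == name)
    uid.sigs.append(sign_uid(signer, target, name))


def valid_uids(keyblock, trusted):
    """UIDs a verifier can believe.  The SELFSIG shows the owner's intent, but
    belief also needs a verified SIG from a key the verifier trusts to certify
    (here the verifier's own key).  `trusted` maps key n -> e."""
    believed = set()
    for uid in keyblock.uids:
        selfsig = any(s.signer_n == keyblock.n and
                      verify_sig(s, keyblock.n, keyblock.e, keyblock, uid.name)
                      for s in uid.sigs)
        vouched = any(s.signer_n in trusted and
                      verify_sig(s, s.signer_n, trusted[s.signer_n], keyblock, uid.name)
                      for s in uid.sigs)
        if selfsig and vouched:
            believed.add(uid.name)
    return believed


def scenario():
    """Replays the thread: Bob signs Alice's first UID, then Alice adds a second
    UID that carries only her own SELFSIG (constructed names and addresses)."""
    alice, bob = Key.generate(), Key.generate()
    add_uid(alice, "Alice <alice at example.org>")       # KEY + UID + SELFSIG
    certify(bob, alice, "Alice <alice at example.org>")  # ... + SIG from Bob
    add_uid(alice, "Alice <alice at example.net>")       # + UID + SELFSIG only
    return alice, bob, valid_uids(alice, {bob.n: bob.e})  # Bob's point of view


if __name__ == "__main__":
    print(scenario()[2])
```

From Bob's point of view only the first UID is believable: the second one is bound to the key by Alice's self-signature, which is her statement about her own key, and Bob has made no statement about it until he certifies it too. Changing a UID string after it has been signed breaks both the self-signature and any third-party signature, since the digest covers KEY+UID.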
