How trust works in gpg...

Herbert Furting lhshas at
Tue Apr 15 21:36:04 CEST 2008

On Tue, 2008-04-15 at 14:09 -0400, David Shaw wrote:
> On Tue, Apr 15, 2008 at 03:10:47PM +0200, Herbert Furting wrote:
> > To say it short: In my opinion every information that you sign/certify
> > should be actually validaded.
> > It probably makes even sense to check if a keyholder specified all of
> > his given names,... and perhaps one shouldn't sign UIDs like "Geroge
> > W. Bush" if the W. is an abbreviation, while "Harry S Truman" would be
> > ok,.. as the S wasn't an abbreviation (iirc).
> Not at all (though it is true that the S in Harry Truman's name isn't
> an abbreviation).
> When you sign a UID, you're signing what is there, and not making any
> statement beyond what is there.  You don't need to insist they spell
> out all of their names.
Well I think it's generally better to always use only full names,...
that helps to prevent collisions like if my name would be "David
Something Shaw". Of course I say that it only helps,.. it doesn't fully
solve this.
Anyway it is a matter of policy,... the stricter the policy is, the more
likely it is, that it will require to include all official names.
See for example the certificates of the German signature law... IIRC it
is not allowed to skip names or switch names like "Hans-Jürgen" into
"Hans Jürgen".


More information about the Gnupg-users mailing list