How trust works in gpg...
dshaw at jabberwocky.com
Tue Apr 15 22:43:37 CEST 2008
On Tue, Apr 15, 2008 at 09:27:26PM +0200, Christoph Anton Mitterer wrote:
> On Tue, 2008-04-15 at 13:45 -0400, David Shaw wrote:
> > If someone wants to sign your key, you then end up with:
> > KEY + UID + SELFSIG + SIG
> Nicely illustrated,.. but let me please add (I know of course that _you_
> know this) that the SIG is made only over the KEY+UID data,... thus the
> keyholder can happily change his SELFSIG whenever he wants without
> loosing the SIG's.
Yes indeed. OpenPGP even expects users to change their SELFSIGs
occasionally - the preferences and other UID-specific information is
stored there, so a change to preferences means a change in SELFSIG.
More information about the Gnupg-users