How trust works in gpg...

David Shaw dshaw at
Tue Apr 15 22:43:37 CEST 2008

On Tue, Apr 15, 2008 at 09:27:26PM +0200, Christoph Anton Mitterer wrote:
> On Tue, 2008-04-15 at 13:45 -0400, David Shaw wrote:
> > If someone wants to sign your key, you then end up with:
> > 
> > 
> Nicely illustrated,.. but let me please add (I know of course that _you_
> know this) that the SIG is made only over the KEY+UID data,... thus the
> keyholder can happily change his SELFSIG whenever he wants without
> loosing the SIG's.

Yes indeed.  OpenPGP even expects users to change their SELFSIGs
occasionally - the preferences and other UID-specific information is
stored there, so a change to preferences means a change in SELFSIG.


More information about the Gnupg-users mailing list