How trust works in gpg...

David Shaw dshaw at
Thu Apr 24 21:12:06 CEST 2008

On Tue, Apr 15, 2008 at 11:16:34PM +0200, Christoph Anton Mitterer wrote:
> Ok now back to the beginning: When the name in the UID would be just a
> cosmetic addition to the actual ID (the e-mail address) I'd say it's
> irrelevant if it's complete.
> But if it's interpreted as Name + e-mail of a person, I think one should
> only certify the whole name.

You are of course free to do so.  You are not free to mandate this for
others.  You can't stand behind people and insist they follow your
definition of a "whole name".  If nothing else, it's impractical.

> With a certification a signator says <name> is the keyholders name,
> but in my case my name is neither "Christoph Mitterer", nor "christoph
> mitterer", nor "Chris Mitterer" it is (even from a legal point of view
> "Christoph Anton Mitterer".
> See my point? I consider missing information as grave as wrong
> information.

I do see your point, but I think the problem with your idea is that is
not how the OpenPGP trust system works.  The person who gets to decide
if a key+uid should be signed is the person who makes the signature.
Nobody else gets a say.


More information about the Gnupg-users mailing list