multiple keys vs multiple identities

MFPA expires2010 at
Sat Sep 25 03:20:13 CEST 2010


On Friday 24 September 2010 at 9:21:10 PM, in
<mid:4C9D0836.6030608 at>, Daniel Kahn Gillmor wrote:
>> I thought that gnupg and other openpgp implementations
>> calculated trust without regard to which user IDs had
>> been certified.

> "trust" is a different issue than the validity of User
> IDs, and both are unrelated to data signatures.

OK, this is "validity" rather than "trust". What I meant is that (for
example) gnupg will refuse to encrypt to a key if it has no signature
from yourself and not enough signatures from other keys that you
"trust." And that it makes no difference which user-IDs have been
signed by yourself (or by the keys that you trust).

> When GnuPG talks about "trust", it's usually referring
> to the concept of "ownertrust", which is a value
> associated with a primary key. "ownertrust" addresses
> the question "how much am i willing to rely on identity
> certifications made by this key?"

I've never managed to properly internalise this. I thought keys that
you have not signed yourself were "trusted" or not, based on how many
certifications that key carried from keys that you "trust", and
regardless of which individual uids actually carried those
certifications. Please correct me if this is incorrect.

> "Validity" is a concept associated with the binding
> between a User ID and its public key.  "validity"
> addresses the question "how much do i believe that the
> entity named by the User ID is in fact the entity who
> actually controls the secret part of this key?"

> Put another way, "validity" addresses the question
> "does this key really belong to X?" (where X is the
> entity referred to by the User ID)

From

     4.7) What are trust, validity and ownertrust?

     With GnuPG, the term "ownertrust" is used instead of "trust" to
     help clarify that this is the value you have assigned to a key to
     express how much you trust the owner of this key to correctly
     sign (and thereby introduce) other keys. The "validity", or
     calculated trust, is a value which indicates how much GnuPG
     considers a key as being valid (that it really belongs to the one
     who claims to be the owner of the key). For more information on
     trust values see the chapter "The Web of Trust" in The GNU
     Privacy Handbook.

Not sure what any of this has to do with the binding between a User ID
and its public key. But clear (while looking at definitions) that
"ownertrust" is whether you trust the key owner to make reliable
certifications, and that validity is whether you accept the key as
really belonging to the entity it purports to belong to.

> Note that "ownertrust" says *nothing* about whether a
> data signature made by a given key is trustworthy.  By
> "data signature", i mean a signature over regular data,
> either text or binary -- as opposed to an identity
> certification made over another User ID and key.  That
> is, I can:

>  * believe that you are who you claim to be, and
>  * that the key in use is actually your key, and
>  * decline to rely on any other identity certifications you make, and
>  * still find it useful to know whether your key signed a given document

Perfectly consistent. Keeping their private key and passphrase secure
says nothing about how thoroughly somebody will check credentials
before signing other people's keys.

I would note that it could still be useful to know your key signed a
particular document, even if I didn't believe who you claimed to be.

-- 
Best regards

MFPA                    mailto:expires2010 at

CAUTION! - Beware of Warnings!
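To make the distinction discussed in this thread concrete, here is an added example (not from the thread and not GnuPG's own code): a simplified Python model of the classic trust computation, in which ownertrust is the value you assign to a key and validity is worked out separately for each User ID from the certifications that User ID carries. The trust level names, thresholds and depth limit follow GnuPG's defaults; the key fingerprints and User IDs are constructed.

```python
# Added example, not from the thread: simplified model of GnuPG's classic trust
# model (completes-needed=1, marginals-needed=3, max-cert-depth=5; expiry ignored).
from dataclasses import dataclass, field

COMPLETES_NEEDED, MARGINALS_NEEDED, MAX_CERT_DEPTH = 1, 3, 5
RANK = {"unknown": 0, "marginal": 1, "full": 2, "ultimate": 3}

@dataclass
class Key:
    fpr: str
    ownertrust: str = "unknown"  # assigned by you: ultimate/full/marginal/unknown
    certs: dict = field(default_factory=dict)  # user ID -> set of certifier fprs

def uid_validity(key, uid, ring, depth=0):
    """Validity of the binding between one User ID and this key."""
    if key.ownertrust == "ultimate":
        return "ultimate"
    if depth >= MAX_CERT_DEPTH:
        return "unknown"
    fulls = marginals = 0
    for signer in (ring.get(f) for f in key.certs.get(uid, ())):
        # A certification counts only if the certifier's key is itself valid.
        if signer is None or RANK[key_validity(signer, ring, depth + 1)] < RANK["full"]:
            continue
        if signer.ownertrust in ("ultimate", "full"):
            fulls += 1
        elif signer.ownertrust == "marginal":
            marginals += 1
    if fulls >= COMPLETES_NEEDED or marginals >= MARGINALS_NEEDED:
        return "full"
    return "marginal" if fulls or marginals else "unknown"

def key_validity(key, ring, depth=0):
    """Best User ID validity on the key (what gpg consults when encrypting to it)."""
    vals = [uid_validity(key, u, ring, depth) for u in key.certs]
    vals.append("ultimate" if key.ownertrust == "ultimate" else "unknown")
    return max(vals, key=RANK.get)

# Constructed keyring: you are Alice (ultimate). Bob's work UID carries your
# certification, his home UID none; Carol is certified by three marginal keys.
alice = Key("ALICE", ownertrust="ultimate")
introducers = [Key(n, ownertrust="marginal", certs={n.title(): {"ALICE"}})
               for n in ("DAVE", "ERIN", "FRED")]
bob = Key("BOB", certs={"Bob <bob@work.example>": {"ALICE"},
                        "Bob <bob@home.example>": set()})
carol = Key("CAROL", certs={"Carol <carol@example>": {"DAVE", "ERIN", "FRED"}})
RING = {k.fpr: k for k in (alice, bob, carol, *introducers)}

if __name__ == "__main__":
    print({u: uid_validity(bob, u, RING) for u in bob.certs}, key_validity(carol, RING))
```

Bob's work address comes out "full" while his home address stays "unknown" on the very same key, which is the per-User-ID binding the reply describes; Carol reaches "full" through three marginal introducers.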
