Aw: Re: multiple keys with different UIDs and common WoT?

Peter Lebbing peter at digitalbrains.com
Sun Dec 1 11:30:58 CET 2013


On 01/12/13 11:12, Peter Lebbing wrote:
> - You ask people, when they certify you, to certify both keys. It's a rare
> event, it's not that big of a burden all in all.

A small detail I forgot to mention: people sign key/UID pairs. Obviously when
you have a UID "Klaus <klaus at employer1.de>" and you go work for employer2, that
UID should be revoked and you will lose signatures on that UID. But you can
also[1] add a UID "Klaus", without e-mail, and get that certified. That UID
will still be valid, and there are multiple options for people sending you mail
to <Klaus at employer2.de>:

- They see your UID "Klaus" and select the key manually from their mail client
- They see your UID "Klaus" and make a local signature on the other UID to make
it valid[2]
- You ask the people who signed your UID "Klaus" to please also sign the new UID
to get it back in the WoT. You never changed your key (or your name), their
certification is still the same, you just added an e-mail address. People can
choose how they wish to verify that information, e.g. by sending their new
signature encrypted to your key, to that e-mail address. But since you never
changed the key, they don't need to do a full verification (identity and
fingerprint).

I think the last solution is the best. It has the downside that other people
have to actually do it.

Hmm, not such a small detail after all!

HTH,

Peter.

[1] I'm not being literal here, I mean a UID with your full name, not just
Klaus :).

[2] This method has its downsides, for instance maintenance. What if the
signatures that made "Klaus" valid are revoked for some reason? Your local sig
is not automatically revoked as well, so the other UID stays valid even though
the WoT basis for the validity is removed.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
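
The maintenance problem from footnote [2], modelled as an added example (not part of the original message and not GnuPG's trust calculation): a local signature keeps the e-mail UID valid after the certification behind the name-only UID is revoked, and a small audit flags it. The key id, UIDs, signer names and the "one fully trusted signer is enough" rule are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    signer: str            # who made the certification
    key: str               # certified key (constructed id)
    uid: str               # certified UID on that key
    local: bool = False    # non-exportable local signature
    revoked: bool = False  # certification has since been revoked

def uid_valid(certs, key, uid, me, trusted):
    """Assumed rule: one unrevoked cert by me or by a fully trusted signer."""
    return any(c.key == key and c.uid == uid and not c.revoked
               and (c.signer == me or c.signer in trusted) for c in certs)

def wot_valid(certs, key, uid, me, trusted):
    """Validity with my own local signatures ignored (the WoT basis only)."""
    basis = [c for c in certs if not (c.local and c.signer == me)]
    return uid_valid(basis, key, uid, me, trusted)

def stale_local_sigs(certs, me, trusted):
    """My local sigs on keys where no UID is still valid through the WoT."""
    stale = []
    for c in certs:
        if c.signer == me and c.local and not c.revoked:
            uids = {o.uid for o in certs if o.key == c.key}
            if not any(wot_valid(certs, c.key, u, me, trusted) for u in uids):
                stale.append(c)
    return stale

# Constructed sample data
KEY = "KLAUS-KEY"
NAME = "Klaus Example"
MAIL = "Klaus Example <klaus@employer2.example>"
TRUSTED = {"alice"}

def scenario(alice_revoked):
    return [
        Cert("alice", KEY, NAME, revoked=alice_revoked),  # WoT cert on name UID
        Cert("me", KEY, MAIL, local=True),                # my local sig on mail UID
    ]

if __name__ == "__main__":
    for revoked in (False, True):
        certs = scenario(revoked)
        print("alice revoked:", revoked,
              "| name UID valid:", uid_valid(certs, KEY, NAME, "me", TRUSTED),
              "| mail UID valid:", uid_valid(certs, KEY, MAIL, "me", TRUSTED),
              "| stale local sigs:", len(stale_local_sigs(certs, "me", TRUSTED)))
```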


