trust your corporation for keyowner identification?

Leo Gaspard ekleog at
Sun Nov 3 03:34:25 CET 2013

(Sorry, I once again sent the message only to you and not to the list -- I
really need to get used to mailing lists, sorry !)

On Sat, Nov 02, 2013 at 07:08:15PM -0700, Paul R. Ramer wrote:
> On 11/02/2013 02:25 PM, Leo Gaspard wrote:
> > Isn't the presence of a UID sufficient for this matter ?
> No, it is not.  Here is why.  When you verify a key to sign you are
> verifying the following:
> 1) For each UID, that the name is correct and that the purported owner
> has control of the email in that UID (possibly also verifying the
> comment if it contains something such as "CEO ABC Corporation").
> 2) That the purported owner has control of the key and can decrypt and
> sign messages.
> [...]

 1) Checked by the other key's message. Because signed (K1) message from Alice,
    saying she has access to K2, means any UID on K2 named Alice is as right as
    the equivalent UID on K1. So the UIDs are correct.
 2) Checked by the presence of the UID. Because, to add a UID, one must have
    control of the secret key, and thus be able to decrypt / sign messages with
    it. And, as stated in (1), the UIDs are valid. So Alice, who added the UIDs,
    must have access to the secret key.

The only case I could find of (2) invalid would be if Alice herself tried to
trick you into signing a key with her name but used by Bob. Except it turns
out that she could just as well have the key for the time of the key exchange,
and then pass it to Bob.

Where am I wrong ?



More information about the Gnupg-users mailing list