trust your corporation for keyowner identification?

[Paul R. Ramer]

On 11/02/2013 07:34 PM, Leo Gaspard wrote:
> Well...
>  1) Checked by the other key's message. Because signed (K1) message from Alice,
>     saying she has access to K2, means any UID on K2 named Alice is as right as
>     the equivalent UID on K1. So the UIDs are correct.
>  2) Checked by the presence of the UID. Because, to add a UID, one must have
>     control of the secret key, and thus be able to decrypt / sign messages with
>     it. And, as stated in (1), the UIDs are valid. So Alice, who added the UIDs,
>     must have access to the secret key.
> 
> The only case I could find of (2) invalid would be if Alice herself tried to
> trick you into signing a key with her name but used by Bob. Except it turns
> out that she could just as well have the key for the time of the key exchange,
> and then pass it to Bob.

In your points, (1) assumes that Key 2 has UIDs that are the same as
those on Key 1, i.e. their are no UIDs with new email addresses or
different names.  Likely, this would be true, but I am not making any
assumptions here on the UIDs.

As for (2), yes, whoever has control of the key must have created the
UIDs and can decrypt and sign messages.  But you are still assuming that
because Alice said that she owns Key 2, sent you a signed message saying
so, and the UIDs match those on Key 1 (most likely) that she has control
of the key and that you still do not need to verify that she can decrypt
and sign messages.

The probability that it is her key and that she does have control of it
is, I believe, high.  Being probable does not mean that you have
verified that she controls the key.

Cheers,

--Paul