trust your corporation for keyowner identification?
expires2013 at ymail.com
Mon Nov 4 18:43:01 CET 2013
-----BEGIN PGP SIGNED MESSAGE-----
On Monday 4 November 2013 at 4:52:02 PM, in
<mid:5277D0B2.9040103 at fifthhorseman.net>, Daniel Kahn Gillmor wrote:
> Yes, it does make a difference.
> If you had certified both User IDs on my
> key, gpg would be happy to encrypt the message to my
> key instead of Alice's actual key.
Thank you. I had not realised gpg worried about which User IDs were
signed. At some point in the past I thought I tested this and
concluded it didn't make a difference, but have just tested again and
confirmed to myself that it does.
> An OpenPGP certification (a "keysigning") is an
> identity assertion, over *both* the key and the User
> ID. It says "this key K belongs to the person known
> in the real world by the User ID U", and it is
> cryptographically signed by the person making the
> If you substitute some arbitrary other User ID for U,
> the meaning of the certification changes radically (and
> the cryptographic certification breaks). This is an
> intended feature.
Thanks for the explanation.
MFPA mailto:expires2013 at ymail.com
Two rights do not make a wrong. They make an airplane.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users