trust your corporation for keyowner identification?
MFPA
expires2013 at ymail.com
Mon Nov 4 18:43:01 CET 2013
Hi

On Monday 4 November 2013 at 4:52:02 PM, in
<mid:5277D0B2.9040103 at fifthhorseman.net>, Daniel Kahn Gillmor wrote:

> Yes, it does make a difference.

[snipped]

> If you had certified both User IDs on my
> key, gpg would be happy to encrypt the message to my
> key instead of Alice's actual key.

Thank you. I had not realised gpg worried about which User IDs were
signed. At some point in the past I thought I tested this and
concluded it didn't make a difference, but have just tested again and
confirmed to myself that it does.

> An OpenPGP certification (a "keysigning") is an
> identity assertion, over *both* the key and the User
> ID. It says "this key K belongs to the person known
> in the real world by the User ID U", and it is
> cryptographically signed by the person making the
> assertion.
>
> If you substitute some arbitrary other User ID for U,
> the meaning of the certification changes radically (and
> the cryptographic certification breaks). This is an
> intended feature.

Thanks for the explanation.
- --
Best regards
MFPA mailto:expires2013 at ymail.com
Two rights do not make a wrong. They make an airplane.
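
The binding described in the quoted explanation, as an added example that is not part of the original message or of GnuPG's code: it builds the data a v4 certification hashes (RFC 4880, section 5.2.4) and shows that a certification over one User ID does not cover another User ID on the same key. The key bytes and names are constructed, and comparing digests stands in for the public-key signature check, which is an assumption of this sketch.

```python
import hashlib
import struct

SIG_TYPE_POSITIVE_CERT = 0x13  # "positive certification of a User ID and key"
PUBKEY_ALGO_RSA = 1
HASH_ALGO_SHA512 = 10


def certification_digest(key_body: bytes, user_id: str,
                         hashed_subpackets: bytes = b"") -> bytes:
    """Digest that a v4 certification signs (RFC 4880, section 5.2.4)."""
    uid = user_id.encode("utf-8")
    sig_data = bytes([4, SIG_TYPE_POSITIVE_CERT, PUBKEY_ALGO_RSA,
                      HASH_ALGO_SHA512])
    sig_data += struct.pack(">H", len(hashed_subpackets)) + hashed_subpackets
    h = hashlib.sha512()
    # 1. The key being certified: 0x99, two-octet length, key packet body.
    h.update(b"\x99" + struct.pack(">H", len(key_body)) + key_body)
    # 2. The User ID being certified: 0xB4, four-octet length, UID bytes.
    h.update(b"\xb4" + struct.pack(">I", len(uid)) + uid)
    # 3. The signature's own hashed fields, then the v4 trailer.
    h.update(sig_data)
    h.update(b"\x04\xff" + struct.pack(">I", len(sig_data)))
    return h.digest()


def certified_user_ids(key_body, user_ids, signed_digests):
    """User IDs on this key that some trusted certification actually covers."""
    return [u for u in user_ids
            if certification_digest(key_body, u) in signed_digests]


# Constructed sample data: not a real key, and the names are hypothetical.
MALLORY_KEY = (bytes([4]) + struct.pack(">I", 1383500000) + bytes([1])
               + b"constructed-key-material")
MALLORY_UID = "Mallory <mallory@example.org>"
ALICE_UID = "Alice <alice@example.org>"  # extra UID the key owner added

# The certifier checked Mallory's identity and signed only that User ID.
SIGNED = {certification_digest(MALLORY_KEY, MALLORY_UID)}

if __name__ == "__main__":
    # Only the certified User ID is valid; the "Alice" UID stays unvalidated.
    print(certified_user_ids(MALLORY_KEY, [MALLORY_UID, ALICE_UID], SIGNED))
```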