Aw: Re: multiple keys with different UIDs and common WoT?

Klaus gpgml at gmx-topmail.de
Sat Nov 30 23:42:26 CET 2013


> From: "Peter Lebbing" <peter at digitalbrains.com>
> You could build the WoT only on your personal key (which survives switching
> jobs), and set your personal key as ultimately trusted on your work PC (work PC
> only has the public key for your personal key). An ultimately trusted public key
> is no different from installing the private key for trust calculations, I think.
> I tested the situation, it seems the same to me with or without the private key[1].

Ok, this will fix the WoT from my perspective. What about other users importing my
work key? Especially when they don't fully trust my personal key, they will never
trust the work-key, because there are no other links that may generate trust by
having multiple marginally trusted links. They might decide to manually change that
when they see the two keys are actually from the same person, but I guess this
will never be handeled automatically.

> BTW, some people frown on signing a key both with the personal and the work key
> as in your scenario, because you will count as two people in trust calculations
> done by GnuPG.

That shouldn't be a problem, as long as I don't ask people to sign my work key
and don't sign with my work key.

Klaus
-- 
Diese E-Mail wurde aus dem Sicherheitsverbund E-Mail made in
Germany versendet: http://www.gmx.net/e-mail-made-in-germany



More information about the Gnupg-users mailing list