UI terminology for calculated validities

Hauke Laging mailinglisten at hauke-laging.de
Fri May 2 03:45:30 CEST 2014


Am Fr 25.04.2014, 11:20:08 schrieb Peter Lebbing:
> On 25/04/14 04:49, Hauke Laging wrote:
> > Another point:
> > Is it a good idea to use the same terms for both the key itself and
> > user IDs?
> 
> What do you mean? Validity (and it's proposed new form, authenticity)
> refers to the coupling of a key and a User ID. It doesn't refer to
> either thing by itself. Does it?

Of course, it does:

start cmd:> LANG=en gpg --edit-key 0x1a571df5 quit
pub  4096R/0x1A571DF5  created: 2012-11-04  usage: SCE 
                       trust: ultimate      validity: ultimate

This is a statement about the key, not about some UID.

Or:

start cmd:> gpg --with-colons --list-keys 0x1a571df5
pub:u:4096:1:BF4B8EEF1A571DF5:1351995465:1415197758::u:::escESCA:
uid:u::::
uid:u::::
uid:u::::

/usr/share/doc/packages/gpg2/DETAILS:

2. Field:  A letter describing the calculated validity.

The key itself must have such a state for the simple reason that you can 
select an encryption key via the UID but you (usually) cannot know 
"which UID" has made a signature. You just know the (sub)key. The WoT is 
calculated over key validities not over UID validities.


Hauke
-- 
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20140502/6a9ff58b/attachment.sig>


More information about the Gnupg-users mailing list