keys require a user-id

Wiktor Kwapisiewicz wiktor at metacode.biz
Fri May 15 15:01:08 CEST 2020


Hi Ingo,

On 15.05.2020 14:35, Ingo Klöcker wrote:
> Because in GnuPG the validity of keys is bound to validity and owner trust of 
> UIDs. No UID -> invalid key. Why do you want to be able to import a key in 
> GnuPG that would be utterly unusable?

AFAIK key validity and owner trust are per key, not per User ID.
Third-party signatures are made for key fingerprint and User ID but then
it takes one fully trusted UID (or 3 marginally by default) for the key
to be considered valid. And then if that valid key signs some other User
ID the process starts anew. For signing other keys only the primary key
is needed, not User IDs.

The distinction is important because it affects only the Web of Trust
and only in one way. That is, if you owner-trusted that UID-less key, it
could become a trust introducer in your WoT. Also, you could encrypt to
that key and verify signatures just fine (it just wouldn't display
anything meaningful).

Is this useful? I'm not sure, but wanted to point out this one detail.

Kind regards,
Wiktor

-- 
https://metacode.biz/@wiktor
