How trust works in gpg...

Herbert Furting lhshas at googlemail.com
Tue Apr 15 15:10:47 CEST 2008


First of all,... unfortunately Chris forgot to CC the list (at least
it seems so). So I post his answer again:
On Tue, Apr 15, 2008 at 12:21 PM, Michael Kesper <mkallas at schokokeks.org> wrote:
>  I remember Werner saying that this was just nonsense.
>  Werner, can you correct me if I'm wrong?
Well this is partly true as everybody can lose or change an email
address. So the process of validating that a key-owner has "control"
over an email address does not say that this will last forever (btw:
this also applies for the real name,.. imagine someone marries).
But apart from that I think it still makes sense to really validate
the email (e.g.  via challenge response).

Imagine Werner Koch (from GnuPG) who has wk at gnupg.org... and another
Werner Koch who works at uhm perhaps Mikrosaft,...he has the email
werner at mikrosaft.com.
Both are really named "Werner Koch" and people validate this e.g. via
their passports when they meet one of the two Werners in person and
sign their key/UIDs.

After some time the Werner Koch from Mikrosaft becomes evil and adds a
new UID "Werner Koch <wk at gnupg.org>"... and he asks his previous key
signers to sign his new ID because he no longer goes by his "old"
eMail address.
If the signers say just,.. oh well the name is the same and I don't
have to check if the evil Werner Koch actually has access to the
eMail,... a lot of people might believe that he is our good
gpg-programming Werner.


To say it short: In my opinion every information that you sign/certify
should be actually validated.
It probably makes even sense to check if a keyholder specified all of
his given names,... and perhaps one shouldn't sign UIDs like "George
W. Bush" if the W. is an abbreviation, while "Harry S Truman" would be
ok,.. as the S wasn't an abbreviation (iirc).



Does this answer your post?

Herbert
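
The per-UID challenge-response check argued for above, sketched as an added example (not part of the original post and not GnuPG code). The function names, the fingerprint and the `.example` addresses are constructed for illustration, and it assumes each token is mailed only to the address in the UID it belongs to, ideally encrypted to the key being certified.

```python
import hashlib
import hmac
import secrets
from email.utils import parseaddr

# Signer's private secret for deriving challenges (hypothetical; keep it offline).
SIGNER_SECRET = secrets.token_bytes(32)

def make_challenge(fingerprint, uid, secret=SIGNER_SECRET):
    """Token bound to exactly one (key fingerprint, UID) pair."""
    msg = f"{fingerprint}\x00{uid}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

def challenges(fingerprint, uids, secret=SIGNER_SECRET):
    """Map each UID's mailbox to the token that must be sent there."""
    return {parseaddr(uid)[1].lower(): make_challenge(fingerprint, uid, secret)
            for uid in uids}

def uids_to_sign(fingerprint, uids, returned_tokens, secret=SIGNER_SECRET):
    """Keep only UIDs whose own token came back.

    A token proves the key holder could read the mailbox named in that UID;
    a token issued for an old UID never validates a newly added one.
    """
    approved = []
    for uid in uids:
        expected = make_challenge(fingerprint, uid, secret)
        if any(hmac.compare_digest(expected, t) for t in returned_tokens):
            approved.append(uid)
    return approved

if __name__ == "__main__":
    # Constructed sample: one key, an old UID and a newly added UID.
    fpr = "0123456789ABCDEF0123456789ABCDEF01234567"
    uids = ["Werner Koch <werner@mikrosaft.example>",
            "Werner Koch <wk@gnupg.example>"]
    sent = challenges(fpr, uids)
    # The key holder can read only the first mailbox, so only that token returns.
    returned = [sent["werner@mikrosaft.example"]]
    for uid in uids:
        verdict = "sign" if uid in uids_to_sign(fpr, uids, returned) else "do NOT sign"
        print(f"{verdict}: {uid}")
```

The name check against a passport is still done separately; this only covers the email part of the UID.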



More information about the Gnupg-users mailing list