Key signing with non-primary UID

Werner Koch wk at gnupg.org
Sun Jan 24 20:08:21 CET 2016


On Sat, 23 Jan 2016 12:29, przemoc at gmail.com said:

> I would like to sign someone's key with my non-primary UID.
> Why? To reflect that given UID is the one I use when contacting owner

You do not sign a key with a user id but with your key.  Thus it does
not make sense to declare which user id made the key-signature.

There are too many cases which one would need to decide to make use of
such a feature: What if the user id has been revoked or if the verifier
does not get hold of that user id (it may be newer or removed later)?
Why should a key signature I once made with my revoked openit.de address
get void after the revocation of the address?  It is still my key and
thus me who certified your key+user-id.

The Web-of-Trust as implemented by PGP and GnuPG can't make use of this
info.  You would need to come up with an extended WoT taking this into
account.  Given that the WoT does not really scale and is already
complicated enough, it is doubtful what the advantages of such a new
trust model are.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.



