PGP trust model: why sign user ID's and not keys?
I'm a bit puzzled about one aspect of the PGP trust model. When you sign a
key, you actually sign the default user ID, but when PGP decrypts/verifies,
the distinction between user ID's is lost and signatures are treated as if
the key as a whole has been signed.
I tried the following:
Apart from me two other people are involved:
1. A trusted friend.
I have his public key, I signed it and granted him complete trust.
2. Someone I never met.
I have his public key, and it has been signed by my trusted friend, so PGP
considers it valid.
The second person decides to change his internet provider and gets a new
e-mail address. So he adds a new user ID to his key and removes the old one.
He sends me his altered public key and I update my keyring. This now shows
both the old and the new user ID, and the old one remains the default. The
old ID is signed by my trusted friend and marked valid, the new one isn't
and is marked invalid. The key as a whole is marked valid.
When I verify a signature the second person made with his new user ID, PGP
reports the key as valid (it shows the OLD user ID which is still the
default on my key ring).
When I set the second person's new user ID as default on my key ring,
the key is marked invalid (the old user ID is still marked valid). When I
check the signature from the second person again it's still marked valid.
When I remove the old user ID from my ring (the e-mail address won't be used
anymore) I also remove my trusted friend's signature. Now when I check the
same signature again it's marked invalid.
This shows that the receiver of a signed message can't see which of the
signing key's user ID's has been used. It doesn't make any difference
either, as far as I can see. A key belongs to a person, and this person
signed the message. If he/she has multiple e-mail addresses or chooses to
have a number of pseudonyms on the net, it doesn't make any difference. He
or she signed the message. But why then, if you sign somebody's key, is this
signature attached to one of those user ID's, and not to the key as a whole?
Is this a design flaw or does it have a deeper meaning? It doesn't make any
sense to me. If there is a reason to sign user ID's instead of keys, then
why doesn't PGP report a signature as invalid when the signing user ID is
Please enlighten me.
Please remove the "nospam!" from my email-address when responding directly.
Sorry for the inconvenience.
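
The three keyring states described in the post, replayed in a toy validity model. This is an added example, not part of the original post and not PGP's own code. It assumes the classic thresholds (one completely trusted or two marginally trusted introducers per user ID) and the key-level rule the post observed; all names and addresses are constructed.

```python
# Toy model: certifications attach to a user ID, validity is computed per
# user ID, and signature verification reports only key-level validity.
from dataclasses import dataclass, field

COMPLETES_NEEDED, MARGINALS_NEEDED = 1, 2  # assumed classic PGP defaults

@dataclass
class Key:
    owner: str
    # user ID -> names of keys that certified it; dict order = keyring order,
    # so the first entry plays the role of the default user ID
    uids: dict = field(default_factory=dict)

def uid_valid(key, uid, trust):
    """A user ID is valid when enough trusted introducers certified it."""
    signers = key.uids[uid]
    completes = sum(1 for s in signers if trust.get(s) == "complete")
    marginals = sum(1 for s in signers if trust.get(s) == "marginal")
    return completes >= COMPLETES_NEEDED or marginals >= MARGINALS_NEEDED

def key_valid(key, trust):
    """Behaviour observed in the post: any valid user ID validates the key."""
    return any(uid_valid(key, u, trust) for u in key.uids)

def verify_report(key, trust):
    """What the verifier is shown: the default user ID and key-level validity.
    In this model a message signature identifies the key only, not a user ID."""
    return next(iter(key.uids)), key_valid(key, trust)

def replay():
    trust = {"friend": "complete"}
    old = "Stranger <old@isp-a.example>"   # constructed
    new = "Stranger <new@isp-b.example>"   # constructed
    key = Key("stranger", {old: {"friend"}, new: set()})
    step1 = verify_report(key, trust)                    # old ID is default
    key.uids = {new: key.uids[new], old: key.uids[old]}  # new ID made default
    step2 = (uid_valid(key, new, trust), verify_report(key, trust))
    del key.uids[old]              # drops the friend's certification with it
    step3 = verify_report(key, trust)
    return step1, step2, step3

if __name__ == "__main__":
    for state in replay():
        print(state)
```
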