On 11/02/2013 07:34 PM, Leo Gaspard wrote:
> Well...
> 1) Checked by the other key's message. Because signed (K1) message from Alice,
> saying she has access to K2, means any UID on K2 named Alice is as right as
> the equivalent UID on K1. So the UIDs are correct.
> 2) Checked by the presence of the UID. Because, to add a UID, one must have
> control of the secret key, and thus be able to decrypt / sign messages with
> it. And, as stated in (1), the UIDs are valid. So Alice, who added the UIDs,
> must have access to the secret key.
>
> The only case I could find of (2) invalid would be if Alice herself tried to
> trick you into signing a key with her name but used by Bob. Except it turns
> out that she could just as well have the key for the time of the key exchange,
> and then pass it to Bob.
In your points, (1) assumes that Key 2 has UIDs that are the same as those on Key 1, i.e. there are no UIDs with new email addresses or different names. Likely, this would be true, but I am not making any assumptions here on the UIDs.

As for (2), yes, whoever has control of the key must have created the UIDs and can decrypt and sign messages. But you are still assuming that because Alice said that she owns Key 2, sent you a signed message saying so, and the UIDs match those on Key 1 (most likely), that she has control of the key and that you still do not need to verify that she can decrypt and sign messages. The probability that it is her key and that she does have control of it is, I believe, high. Being probable does not mean that you have verified that she controls the key.

Cheers,
--Paul

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
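The distinction Paul draws above, between a signed statement that Alice controls K2 and a check that she actually can sign with K2, is easy to see in code. The following is an added example for this thread, not code from GnuPG or from either poster; it uses Go's standard-library ed25519 in place of OpenPGP keys, and the message strings, prefixes and function names are all constructed for the illustration. `SignClaim`/`VerifyClaim` model Leo's point (1): a K1-signed claim that its holder also controls K2. `NewChallenge`/`Respond`/`VerifyResponse` model the verification Paul is asking for: a fresh nonce that only the holder of K2's secret half can sign. The `BobsKey` scenario is the case Leo raised, where K2 really belongs to Bob and Alice has only its public key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// KeyPair stands in for one OpenPGP key (K1 or K2 in the thread).
type KeyPair struct {
	Pub  ed25519.PublicKey
	Priv ed25519.PrivateKey
}

// NewKeyPair generates a fresh ed25519 key pair.
func NewKeyPair() KeyPair {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // a failing system RNG is not recoverable here
	}
	return KeyPair{Pub: pub, Priv: priv}
}

// claimBytes is the statement Leo's point (1) rests on: "the holder of K1 also
// controls K2". The prefix is an assumed domain separator so the signature
// cannot be replayed as a challenge response.
func claimBytes(k2Pub ed25519.PublicKey) []byte {
	return append([]byte("ownership-claim:"), k2Pub...)
}

// SignClaim: Alice signs, with K1, that she controls K2.
func SignClaim(k1 KeyPair, k2Pub ed25519.PublicKey) []byte {
	return ed25519.Sign(k1.Priv, claimBytes(k2Pub))
}

// VerifyClaim establishes only that K1's secret key signed the statement.
// It says nothing about who holds K2's secret key.
func VerifyClaim(k1Pub, k2Pub ed25519.PublicKey, sig []byte) bool {
	return ed25519.Verify(k1Pub, claimBytes(k2Pub), sig)
}

// NewChallenge is a fresh random nonce chosen by the verifier, so an old
// signature cannot be reused as the answer.
func NewChallenge() []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return nonce
}

func challengeBytes(nonce []byte) []byte {
	return append([]byte("key-control-challenge:"), nonce...)
}

// Respond: only someone holding the secret half of the challenged key can
// produce a signature that VerifyResponse accepts for that key.
func Respond(key KeyPair, nonce []byte) []byte {
	return ed25519.Sign(key.Priv, challengeBytes(nonce))
}

// VerifyResponse checks the answer against K2's public key.
func VerifyResponse(k2Pub ed25519.PublicKey, nonce, sig []byte) bool {
	return ed25519.Verify(k2Pub, challengeBytes(nonce), sig)
}

// Outcome records what each check tells the verifier.
type Outcome struct {
	ClaimOK   bool // the K1-signed ownership claim verifies
	ControlOK bool // the answer to the K2 challenge verifies
}

// HonestAlice: Alice holds both K1 and K2. Both checks pass.
func HonestAlice() Outcome {
	k1, k2 := NewKeyPair(), NewKeyPair()
	sig := SignClaim(k1, k2.Pub)
	nonce := NewChallenge()
	return Outcome{
		ClaimOK:   VerifyClaim(k1.Pub, k2.Pub, sig),
		ControlOK: VerifyResponse(k2.Pub, nonce, Respond(k2, nonce)),
	}
}

// BobsKey: Alice holds K1, but K2 is Bob's and she has only its public key.
// Her K1-signed claim still verifies; the challenge fails, because the best
// she can do is answer with a key she does hold.
func BobsKey() Outcome {
	aliceK1, bobK2 := NewKeyPair(), NewKeyPair()
	sig := SignClaim(aliceK1, bobK2.Pub)
	nonce := NewChallenge()
	return Outcome{
		ClaimOK:   VerifyClaim(aliceK1.Pub, bobK2.Pub, sig),
		ControlOK: VerifyResponse(bobK2.Pub, nonce, Respond(aliceK1, nonce)),
	}
}

func main() {
	fmt.Printf("Alice holds both keys: %+v\n", HonestAlice())
	fmt.Printf("K2 is really Bob's:    %+v\n", BobsKey())
}
```

The challenge passing shows control of K2 at the moment of the exchange and nothing more, which is exactly the caveat Leo raises: Alice could hold the key for the exchange and hand it to Bob afterwards. What the challenge does rule out is the case where the only evidence was a K1 signature over a statement about K2.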