On Tue, Nov 05, 2013 at 12:40:11AM -0800, Paul R. Ramer wrote:
> I don't know how I can explain it any better than I have. I think you are
> confusing assertion with verification. Unless you can differentiate between
> the two in this case, I don't think you will see what I am talking about.
>
> [...]
>
> I guess all I can say is that one should have a key signing policy to let
> others know how he verifies keys.
>
> There. I said it all over again, just differently (and a whole lot more).
OK, I think I understood your point. (That is, assertion is not as strong as verification.) However, I think in this case (assuming there are no more UIDs on Key 2 than on Key 1), assertions are sufficient, *because* there are two assertions, one in each direction. I mean:

* Owner of Key 1 says (s)he is owner of Key 2 (through a signed message saying so)
* Owner of Key 2 says (s)he is owner of Key 1 (through a signed UID on Key 2)

So, except in case of collusion between the owners of Keys 1 and 2, I believe there is no way one can be wrong in signing Key 2 (of course, if Key 1 is signed).

IIUC, your point is that verification would enable one to avoid collusion, as it is the only flaw I can see in this verification scheme. Except collusion cannot be avoided in any way, AFAIK.

If that is not your point, could you exhibit a scenario in which there is a signed UID on Key 2, a signed statement from the Key 1 owner saying he owns Key 2, and Key 2 not being usable by the Key 1 owner? (Of course, excepting collusion, which as stated above cannot be avoided.)

Cheers,
Leo

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
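The two-way assertion scheme Leo describes, mechanised as an added example (this is not code from the thread or from GnuPG). Ed25519 keys stand in for OpenPGP keys, a SHA-256 of the raw public key stands in for the PGP fingerprint, and the message format "I, holder of key A, also hold key B" is an assumed canonical form; the scheme is the same whether the statement lives in a signed mail or in a signed UID. The check only passes when Key 1 names Key 2 under Key 1's own signature *and* Key 2 names Key 1 under Key 2's signature. The scenarios make the point of the thread visible: a one-way claim, or a stranger's key asserting a link that Key 1 never reciprocated, is rejected, while two colluding holders are indistinguishable from one person, exactly the residual flaw Leo concedes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// fingerprint is a stand-in for a PGP fingerprint: SHA-256 of the raw public key (assumption).
func fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// claimMessage is the assumed canonical statement one key makes about another.
func claimMessage(from, to string) []byte {
	return []byte("I, holder of key " + from + ", also hold key " + to)
}

// Claim is one direction of the cross-certification: Signer vouches that it also holds Named.
type Claim struct {
	Signer ed25519.PublicKey
	Named  ed25519.PublicKey
	Sig    []byte
}

func makeClaim(signerPub ed25519.PublicKey, signerPriv ed25519.PrivateKey, named ed25519.PublicKey) Claim {
	msg := claimMessage(fingerprint(signerPub), fingerprint(named))
	return Claim{Signer: signerPub, Named: named, Sig: ed25519.Sign(signerPriv, msg)}
}

// verifyClaim checks that the statement is signed by the key it says is speaking.
func verifyClaim(c Claim) bool {
	msg := claimMessage(fingerprint(c.Signer), fingerprint(c.Named))
	return ed25519.Verify(c.Signer, msg, c.Sig)
}

// CrossCertified is true only when both directions hold: key1 names key2 under
// key1's signature, and key2 names key1 under key2's signature.
func CrossCertified(key1, key2 ed25519.PublicKey, fromKey1, fromKey2 Claim) bool {
	if !key1.Equal(fromKey1.Signer) || !key2.Equal(fromKey1.Named) {
		return false
	}
	if !key2.Equal(fromKey2.Signer) || !key1.Equal(fromKey2.Named) {
		return false
	}
	return verifyClaim(fromKey1) && verifyClaim(fromKey2)
}

// Outcome collects the result of each scenario discussed in the thread.
type Outcome struct {
	Honest     bool // one person holds both keys and asserts both ways
	OneWayOnly bool // Key 1 names Key 2, but Key 2 never names Key 1
	Hijack     bool // a stranger's key claims Key 1; Key 1 never reciprocated
	Collusion  bool // two different people each sign the statement about the other
}

func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func Scenarios() Outcome {
	pub1, priv1 := newKey() // Key 1: assumed already verified and signed
	pub2, priv2 := newKey() // Key 2: the key whose signing is in question
	pubX, privX := newKey() // an unrelated third key

	var o Outcome
	o.Honest = CrossCertified(pub1, pub2, makeClaim(pub1, priv1, pub2), makeClaim(pub2, priv2, pub1))

	// Key 2's UID points at some other key, so there is no statement from Key 2 about Key 1.
	o.OneWayOnly = CrossCertified(pub1, pub2, makeClaim(pub1, priv1, pub2), makeClaim(pub2, priv2, pubX))

	// The holder of X signs a UID naming Key 1 and fabricates the reverse claim with X's
	// own private key. The forgery carries Key 1's fingerprint but not Key 1's signature.
	forged := Claim{Signer: pub1, Named: pubX,
		Sig: ed25519.Sign(privX, claimMessage(fingerprint(pub1), fingerprint(pubX)))}
	o.Hijack = CrossCertified(pub1, pubX, forged, makeClaim(pubX, privX, pub1))

	// Two colluding holders produce exactly what one honest holder would produce.
	o.Collusion = CrossCertified(pub1, pubX, makeClaim(pub1, priv1, pubX), makeClaim(pubX, privX, pub1))
	return o
}

func main() {
	fmt.Printf("%+v\n", Scenarios())
}
```

Binding each statement to both fingerprints matters: a claim that only said "I also hold another key" could be re-attached to any key, which is why the message names signer and subject and the verifier recomputes it rather than trusting a copy carried alongside the signature.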