On 01/12/13 11:12, Peter Lebbing wrote: > - You ask people, when they certify you, to certify both keys. It's a rare > event, it's not that big of a burden all in all.
A small detail I forgot to mention: people sign key/UID pairs. Obviously when you have an UID "Klaus <kl...@employer1.de>" and you go work for employer2, that UID should be revoked and you will lose signatures on that UID. But you can also[1] add an UID "Klaus", without e-mail, and get that certified. That UID will still be valid, and there are multiple options for people sending you mail to <kl...@employer2.de>: - They see your UID "Klaus" and select the key manually from their mail client - They see your UID "Klaus" and make a local signature on the other UID to make it valid[2] - You ask the people who signed your UID "Klaus" to please also sign the new UID to get it back in the WoT. You never changed your key (or your name), their certification is still the same, you just added an e-mail address. People can choose how they wish to verify that information, f.e. by sending their new signature encrypted to your key, to that e-mail address. But since you never changed the key, they don't need to do a full verification (identity and fingerprint). I think the last solution is the best. It has the downside that other people have to actually do it. Hmm, not such a small detail after all! HTH, Peter. [1] I'm not being literal here, I mean an UID with your full name, not just Klaus :). [2] This method has its downsides, for instance maintenance. What if the signatures that made "Klaus" valid are revoked for some reason? Your local sig is not automatically revoked as well, so the other UID stays valid even though the WoT basis for the validity is removed. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
