Hi Ingo, On 15.05.2020 14:35, Ingo Klöcker wrote: > Because in GnuPG the validity of keys is bound to validity and owner trust of > UIDs. No UID -> invalid key. Why do you want to be able to import a key in > GnuPG that would be utterly unusable?
AFAIK key validity and owner trust are per key not per User ID. Third-party signatures are made for key fingerprint and User ID but then it takes one fully trusted UID (or 3 marginally by default) for the key to be considered valid. And then if that valid key signs some other User ID the process starts anew. For signing other keys only the primary key is needed, not User IDs. The distinction is important because it affects only the Web of Trust and only in one way. That is if you owner-trusted that UID-less key it could become trust introducer in your WoT. Also you could encrypt to that key and verify signatures just fine (it just wouldn't display anything meaningful). Is this useful? I'm not sure, but wanted to point out this one detail. Kind regards, Wiktor -- https://metacode.biz/@wiktor _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
