[Standards-JIG] UPDATED: JEP-0027 (Current Jabber OpenPGP Usage)
jajcus at bnet.pl
Thu Mar 18 08:18:15 UTC 2004
On Wed, Mar 17, 2004 at 01:27:44PM -0800, Justin Karneges wrote:
> Is it possible for the key user-id fields to slip past the view of the pgp
> user, if the key is already trusted? For instance, what if the key validates
> via the web-of-trust, or if the user has already explicitly signed the key
> earlier and now blindly accepts updates?
> If the user must hand check every key that goes into his keyring, even updated
> keys, then there is no problem.
I don't fully understand you, but I will try to answer... :)
In PGP keys each key-id is separately signed and trusted. If the user
trusts the key owner, he may sign each key-id added by the owner, but this
is still his decision (the user, not the owner). If the only key-id is
changed then all signatures are lost.