[Standards-JIG] UPDATED: JEP-0027 (Current Jabber OpenPGP Usa ge)

Jacek Konieczny jajcus at bnet.pl
Thu Mar 18 08:18:15 UTC 2004


On Wed, Mar 17, 2004 at 01:27:44PM -0800, Justin Karneges wrote:
> Is it possible for the key user-id fields to slip past the view of the pgp 
> user, if the key is already trusted?  For instance, what if the key validates 
> via the web-of-trust, or if the user has already explicitly signed the key 
> earlier and now blindly accepts updates?
> 
> If the user must hand check every key that goes into his keyring, even updated 
> keys, then there is no problem.

I don't fully understand you, but  I will try to answer... :)

In PGP keys each key-id is separately signed and trusted. If the user
trust the key owner he may sign each key-id added by the owner, but this
is still his decision (the user, not the owner). If the only key-id is
changed then all signatures are lost.

Greets,
	Jacek



More information about the Standards mailing list