
At 10:33 PM -0700 6/12/97, William H. Geiger III wrote:
> In <v0300786dafc68637a08c@[207.94.249.152]>, on 06/12/97 at 10:14 PM, Bill Frantz <frantz@netcom.com> said:
>
> > If you have a version of the key with no signatures, then you can change the data field and re-sign with the associated secret key. Since the data field has changed, you properly need to have others re-verify the validity of the binding.
>
> I don't think that any changes that he would make to his key would need re-verification provided that he signed those changes. Take the following scenario:
>
> John Doe creates a key and signs it:
>
>     pub 2048/FFFFFFFF 01/01/90 John Doe
>         sig John Doe (0xFFFFFFFF)
>
> Now 3 other people verify that the key does belong to John Doe and sign the key:
>
>     pub 2048/FFFFFFFF 01/01/90 John Doe john.doe@anonymous.com
>         sig John Doe (0xFFFFFFFF)
>         sig Mary Jane (0xAAAAAAAA)
>         sig Tom Thumb (0x11111111)
>         sig Tiny Tim (0xCCCCCCCC)
>
> Now John adds an aka to his key and signs it.
>
>     pub 2048/FFFFFFFF 01/01/90 John Doe john.doe@anonymous.com
>         sig John Doe (0xFFFFFFFF)
>         sig Mary Jane (0xAAAAAAAA)
>         sig Tom Thumb (0x11111111)
>         sig Tiny Tim (0xCCCCCCCC)
>     aka John Doe john.doe@who-is-it.com
>         sig John Doe (0xFFFFFFFF)
>
> Since John Doe is the only one who could sign the key with the new aka, one can assume that the aka is as valid as the original userid.
So if John Doe wants to be known as "president@whitehouse.gov" or "Tim May <tcmay@got.net>" all he has to do is change the field, and upload the changed key to the key servers, and all the signatures should remain good?

-------------------------------------------------------------------------
Bill Frantz       | The Internet was designed     | Periwinkle -- Consulting
(408)356-8506     | to protect the free world     | 16345 Englewood Ave.
frantz@netcom.com | from hostile governments.     | Los Gatos, CA 95032, USA
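The disagreement above turns on what a certification signature actually covers. In OpenPGP a third party signs the combination of the public key and one specific user ID, so editing that user ID breaks every third-party signature over it, and a freshly added aka carries only the signatures that were made over the aka itself (initially just the owner's self-signature). The following Python model, added here as an illustration and not code from either poster or from PGP, reproduces the thread's scenario with the key IDs it uses. Real public-key signatures are replaced by an HMAC keyed with a constructed per-signer secret; that stand-in is an assumption of the example and only models the binding, not PGP's packet format.

```python
"""Toy model of OpenPGP user-ID certification (constructed example).

A certification is computed over (key ID, user ID), so:
  * editing a user ID invalidates every signature made over it, and
  * a newly added user ID has only the signatures made over *that* ID,
    which at first is the owner's self-signature alone.

Signatures are simulated with HMAC-SHA256 keyed by a per-signer secret.
This stands in for a real public-key signature purely for illustration.
"""
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed signer secrets, keyed by the key IDs used in the thread.
SIGNER_SECRETS = {
    "0xFFFFFFFF": b"john-doe-secret",
    "0xAAAAAAAA": b"mary-jane-secret",
    "0x11111111": b"tom-thumb-secret",
    "0xCCCCCCCC": b"tiny-tim-secret",
}


def _certify(signer_id, key_id, user_id):
    """Simulated signature by `signer_id` over the (key, user ID) pair."""
    msg = key_id.encode() + b"\x00" + user_id.encode()
    return hmac.new(SIGNER_SECRETS[signer_id], msg, hashlib.sha256).hexdigest()


@dataclass
class UserID:
    name: str
    sigs: dict = field(default_factory=dict)  # signer key ID -> signature


@dataclass
class Key:
    key_id: str
    uids: list = field(default_factory=list)

    def add_uid(self, name):
        """Add a user ID (an 'aka'); the owner self-signs it and nobody else."""
        uid = UserID(name)
        uid.sigs[self.key_id] = _certify(self.key_id, self.key_id, name)
        self.uids.append(uid)
        return uid

    def sign_uid(self, signer_id, name):
        """A third party certifies one specific user ID on this key."""
        uid = self._find(name)
        uid.sigs[signer_id] = _certify(signer_id, self.key_id, name)

    def rename_uid(self, old, new):
        """Edit the data field and re-self-sign, keeping the old signatures attached."""
        uid = self._find(old)
        uid.name = new
        uid.sigs[self.key_id] = _certify(self.key_id, self.key_id, new)

    def valid_certifiers(self, name):
        """Signers whose signature still verifies over the *current* user ID text."""
        uid = self._find(name)
        return sorted(
            signer for signer, sig in uid.sigs.items()
            if hmac.compare_digest(sig, _certify(signer, self.key_id, uid.name))
        )

    def _find(self, name):
        for uid in self.uids:
            if uid.name == name:
                return uid
        raise KeyError(name)


def demo():
    """Replay the thread: three certifiers, then an aka, then an edited user ID."""
    original = "John Doe <john.doe@anonymous.com>"
    aka = "John Doe <john.doe@who-is-it.com>"
    key = Key("0xFFFFFFFF")
    key.add_uid(original)
    for signer in ("0xAAAAAAAA", "0x11111111", "0xCCCCCCCC"):
        key.sign_uid(signer, original)
    before = key.valid_certifiers(original)          # all four verify
    key.add_uid(aka)                                  # the aka: self-signed only
    key.rename_uid(original, "president@whitehouse.gov")
    return {
        "before_edit": before,
        "aka": key.valid_certifiers(aka),
        "renamed": key.valid_certifiers("president@whitehouse.gov"),
    }


if __name__ == "__main__":
    print(demo())
```

The point for anyone verifying a key is that trust is per user ID, not per key: a verifier should look at which certifications cover the exact user ID it intends to rely on, and treat a self-signature alone as the owner's own claim rather than an independent attestation.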