
In <v03007874afc71e205651@[207.94.249.152]>, on 06/13/97 at 11:00 AM, Bill Frantz <frantz@netcom.com> said:
> At 10:33 PM -0700 6/12/97, William H. Geiger III wrote:
>> In <v0300786dafc68637a08c@[207.94.249.152]>, on 06/12/97 at 10:14 PM, Bill Frantz <frantz@netcom.com> said:
>>> If you have a version of the key with no signatures, then you can change the data field and re-sign with the associated secret key. Since the data field has changed, you properly need to have others re-verify the validity of the binding.
>>
>> I don't think that any changes that he would make to his key would need re-verification provided that he signed those changes. Take the following scenario:
>>
>> John Doe creates a key and signs it:
>>
>>   pub 2048/FFFFFFFF 01/01/90 John Doe
>>   sig John Doe (0xFFFFFFFF)
>>
>> Now 3 other people verify that the key does belong to John Doe and sign the key:
>>
>>   pub 2048/FFFFFFFF 01/01/90 John Doe john.doe@anonymous.com
>>   sig John Doe (0xFFFFFFFF)
>>   sig Mary Jane (0xAAAAAAAA)
>>   sig Tom Thumb (0x11111111)
>>   sig Tiny Tim (0xCCCCCCCC)
>>
>> Now John adds an aka to his key and signs it.
>>
>>   pub 2048/FFFFFFFF 01/01/90 John Doe john.doe@anonymous.com
>>   sig John Doe (0xFFFFFFFF)
>>   sig Mary Jane (0xAAAAAAAA)
>>   sig Tom Thumb (0x11111111)
>>   sig Tiny Tim (0xCCCCCCCC)
>>   aka John Doe john.doe@who-is-it.com
>>   sig John Doe (0xFFFFFFFF)
>>
>> Since John Doe is the only one who could sign the key with the new aka one can assume that the aka is as valid as the original userid.
>
> So if John Doe wants to be known as "president@whitehouse.gov" or "Tim May <tcmay@got.net>" all he has to do is change the field, and upload the changed key to the key servers, and all the signatures should remain good?

Well remember that John Doe is only adding an AKA to his key, not deleting the old userid and replacing it with a new one. This is very important.

  pub 2048/FFFFFFFF 01/01/90 John Doe john.doe@anonymous.com
  sig John Doe (0xFFFFFFFF)
  sig Mary Jane (0xAAAAAAAA)
  sig Tom Thumb (0x11111111)
  sig Tiny Tim (0xCCCCCCCC)
  aka John Doe president@whitehouse.gov
  sig John Doe (0xFFFFFFFF)

If he were to remove the old userid and replace it with a new one you would have:

  pub 2048/FFFFFFFF 01/01/90 John Doe president@whithouse.gov
  sig John Doe (0xFFFFFFFF)

without any authenticating signatures.

In the first case all we have is a change of address, while in the second we have a change of identity.

--
---------------------------------------------------------------
William H. Geiger III  http://www.amaranth.com/~whgiii
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html
---------------------------------------------------------------
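
The key listings in the message above, read one user ID at a time (an added example, not part of the original message and not PGP's own code). It assumes each `sig` line belongs to the nearest preceding `pub` or `aka` line, as in a PGP key listing, and reports which key IDs other than the key's own signed each user ID; the function names and the one-entry-per-line input are constructed here.

```python
import re

# Constructed input: the "aka added" listing from the message, one entry per line.
LISTING = """\
pub 2048/FFFFFFFF 01/01/90 John Doe john.doe@anonymous.com
sig John Doe (0xFFFFFFFF)
sig Mary Jane (0xAAAAAAAA)
sig Tom Thumb (0x11111111)
sig Tiny Tim (0xCCCCCCCC)
aka John Doe president@whitehouse.gov
sig John Doe (0xFFFFFFFF)
"""

PUB_RE = re.compile(r"^pub\s+\d+/(?P<keyid>[0-9A-Fa-f]{8})\s+\S+\s+(?P<uid>.+)$")
SIG_RE = re.compile(r"^sig\s+.*?\(0x(?P<keyid>[0-9A-Fa-f]{8})\)$")

def parse_listing(text):
    """Return (key_id, [(userid, [signer_key_id, ...]), ...]) for one key."""
    key_id, uids = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        pub, sig = PUB_RE.match(line), SIG_RE.match(line)
        if pub:
            if key_id is not None:
                raise ValueError("listing holds more than one key")
            key_id = pub["keyid"].upper()
            uids.append((pub["uid"], []))
        elif line.startswith("aka ") and key_id is not None:
            uids.append((line[4:].strip(), []))   # a further user ID on the same key
        elif sig and uids:
            uids[-1][1].append(sig["keyid"].upper())  # signature covers the user ID above it
        else:
            raise ValueError(f"unexpected line: {line!r}")
    if key_id is None:
        raise ValueError("no pub line found")
    return key_id, uids

def certification_report(text):
    """Map each user ID to the signers that are not the key itself."""
    key_id, uids = parse_listing(text)
    return {uid: [s for s in signers if s != key_id] for uid, signers in uids}

if __name__ == "__main__":
    for uid, others in certification_report(LISTING).items():
        print(f"{uid}: signed by others: {others or 'none (self-signature only)'}")
```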