
On Fri, 13 Jun 1997, Bill Frantz wrote:
pub 2048/FFFFFFFF 01/01/90 John Doe john.doe@anonymous.com
sig John Doe (0xFFFFFFFF)
sig Mary Jane (0xAAAAAAAA)
sig Tom Thumb (0x11111111)
sig Tiny Tim (0xCCCCCCCC)
aka John Doe john.doe@who-is-it.com
sig John Doe (0xFFFFFFFF)
Since John Doe is the only one who could sign the key with the new aka one can assume that the aka is as valid as the original userid.
So if John Doe wants to be known as "president@whitehouse.gov" or "Tim May <tcmay@got.net>" all he has to do is change the field, and upload the changed key to the key servers, and all the signatures should remain good?
Well, no, not really. See, the way PGP handles keys (at least the RSA keys) makes it very difficult to remove an id once it's hit a keyserver. Oh yeah, a signature also encompasses the key-id that you sign when you sign the key. So the signatures would fail if the key-id they referred to was drastically changed...

-----------------------------------------------------------------------
Ryan Anderson - <Pug Majere> "Who knows, even the horse might sing"
Wayne State University - CULMA "May you live in interesting times.."
randerso@ece.eng.wayne.edu Ohio = VYI of the USA
PGP Fingerprint - 7E 8E C6 54 96 AC D9 57 E4 F8 AE 9C 10 7E 78 C9
-----------------------------------------------------------------------
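The point made in the reply above, as an added example that is not part of the original message: a certification is computed over the key material together with the user ID it was made on, so it does not carry over to an aka or to an edited ID. Assumptions: the hash layout follows the RFC 4880 V4 certification format with SHA-256 (not necessarily what PGP used in 1997), and the key bytes, timestamp and certifier RSA key are constructed toy values.

```python
import hashlib
import struct

# Toy RSA key for the certifier "Mary Jane" (constructed: two Mersenne primes,
# no padding, far too small for real use).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

GENERIC_CERT = 0x10  # signature type: generic certification of a user ID

def cert_digest(key_body: bytes, user_id: bytes, created: int) -> int:
    """Digest a certifier signs: certified key, then user ID, then trailer."""
    h = hashlib.sha256()
    h.update(b"\x99" + struct.pack(">H", len(key_body)) + key_body)
    h.update(b"\xb4" + struct.pack(">I", len(user_id)) + user_id)
    # version 4, sig type, RSA (1), SHA-256 (8), one creation-time subpacket
    hashed = (bytes([4, GENERIC_CERT, 1, 8]) + struct.pack(">H", 6)
              + bytes([5, 2]) + struct.pack(">I", created))
    h.update(hashed + b"\x04\xff" + struct.pack(">I", len(hashed)))
    # Reduced mod N only because the toy modulus is shorter than the digest.
    return int.from_bytes(h.digest(), "big") % N

def certify(key_body: bytes, user_id: bytes, created: int) -> int:
    """Textbook RSA signature over the certification digest."""
    return pow(cert_digest(key_body, user_id, created), D, N)

def verifies(sig: int, key_body: bytes, user_id: bytes, created: int) -> bool:
    """Recompute the digest for the claimed user ID and compare."""
    return pow(sig, E, N) == cert_digest(key_body, user_id, created)

# Constructed sample data modelled on the key listing quoted in the message.
KEY_BODY = b"constructed public key packet body for 0xFFFFFFFF"
CREATED = 866160000  # constructed timestamp
ORIGINAL_UID = b"John Doe john.doe@anonymous.com"
AKA_UID = b"John Doe john.doe@who-is-it.com"
CHANGED_UID = b"president@whitehouse.gov"

MARY_SIG = certify(KEY_BODY, ORIGINAL_UID, CREATED)

if __name__ == "__main__":
    for uid in (ORIGINAL_UID, AKA_UID, CHANGED_UID):
        ok = verifies(MARY_SIG, KEY_BODY, uid, CREATED)
        print(f"{uid.decode():35} Mary Jane's certification valid: {ok}")
```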