Sieuwert van Otterloo's paper, 'A security analysis of PGP'
(http://www.bluering.nl/pgp/pgp.ps), describes a more general problem
in a few OpenPGP implementations (but fails to state that it affects
most OpenPGP implementations, not only NAI PGP 5.x to 7.x):
OpenPGP defines certificates as (public key, user ID) pairs, but most
implementations tend to present 'key certificates', and the mapping
from the former to the latter often leaves something to be desired
(especially with PGP 2.6.x, but GnuPG, too, is not yet perfect).
For example, PGP 2.6.3in prints the following messages for a valid
signature created with the key below:
    Good signature from user "bad test key".
    Signature made 2001/09/04 13:52 GMT using 1024-bit key, key ID E2BB3EE5
However, only the 'good test key' user ID is certified:
    pub  1024R/E2BB3EE5 2001-09-04 bad test key
    sig        E2BB3EE5 2001-09-04 bad test key
    uid                            good test key
    sig        C06EC3B5 2001-09-04 Florian Weimer #RC=no RA=RUS CR=own# <Florian(_dot_)Weimer(_at_)rus(_dot_)uni-stuttgart(_dot_)de>
    sig        E2BB3EE5 2001-09-04 bad test key
--
Florian Weimer
Florian(_dot_)Weimer(_at_)RUS(_dot_)Uni-Stuttgart(_dot_)DE
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898
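The mismatch the message describes, between the user ID a verifier prints and the user IDs that are actually certified, as an added Python example (not code from the message or from any PGP implementation). It parses GnuPG's machine-readable `--with-colons --list-sigs` record format on a constructed key ring that mirrors the E2BB3EE5 key above ("bad test key" only self-signed, "good test key" certified by C06EC3B5) and reports which user IDs carry a third-party certification from a key the caller trusts. The long key IDs, timestamps and uid hashes in the sample are made up.

```python
"""Which user IDs on an OpenPGP key are actually certified?

Added example, not code from the original message or from any PGP
implementation.  It parses GnuPG's --with-colons listing (documented in
GnuPG's doc/DETAILS) and reports, per user ID, whether a certification
signature from a trusted key other than the key itself is present.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Constructed --with-colons records mirroring the key in the message.
# Field 1: record type; field 5: key ID of the key (pub) or signer (sig/rev);
# field 10: user ID (uid) or signer name (sig/rev); field 11: signature
# class ("13x" = 0x13 positive certification, "10x" = 0x10 generic).
# Long key IDs are zero-padded short IDs, not real fingerprints.
CONSTRUCTED_LISTING = """\
pub:-:1024:1:00000000E2BB3EE5:999604320:::-:::sc::::
uid:-::::999604320::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA::bad test key::::::::::
sig:::1:00000000E2BB3EE5:999604320::::bad test key:13x:::::::
uid:-::::999604320::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB::good test key::::::::::
sig:::1:00000000E2BB3EE5:999604320::::bad test key:13x:::::::
sig:::1:00000000C06EC3B5:999604320::::Florian Weimer:10x:::::::
"""

CERTIFICATION_CLASSES = ("10", "11", "12", "13")  # 0x10..0x13 bind uid to key


@dataclass
class UserID:
    name: str
    certifiers: Set[str] = field(default_factory=set)  # signers of certifications
    revoked: Set[str] = field(default_factory=set)     # signers who revoked theirs


@dataclass
class Key:
    keyid: str
    uids: List[UserID] = field(default_factory=list)


def parse_colons(listing: str) -> Key:
    """Build a Key from --with-colons records.  sig/rev records attach to
    the most recent uid record, which is the order GnuPG emits them in."""
    key = None
    current = None
    for line in listing.splitlines():
        rec = line.split(":")
        if rec[0] == "pub":
            key = Key(keyid=rec[4].upper())
        elif rec[0] == "uid" and key is not None:
            current = UserID(name=rec[9])
            key.uids.append(current)
        elif rec[0] in ("sig", "rev") and current is not None:
            signer = rec[4].upper()
            sig_class = rec[10] if len(rec) > 10 else ""
            if rec[0] == "rev":
                current.revoked.add(signer)        # revocation cancels the cert
            elif sig_class[:2] in CERTIFICATION_CLASSES:
                current.certifiers.add(signer)
    if key is None:
        raise ValueError("no pub record in listing")
    return key


def _trusted(signer: str, trusted: Set[str]) -> bool:
    # Accept 8- or 16-digit key IDs by suffix match for readability; a real
    # check should compare full fingerprints, since short key IDs collide.
    return any(signer.endswith(t.upper()) for t in trusted)


def naive_display_uid(key: Key) -> str:
    """What a 'key certificate' presentation prints after a good signature:
    the primary user ID, whether or not anyone has certified it."""
    return key.uids[0].name


def certified_uids(key: Key, trusted: Set[str]) -> List[str]:
    """User IDs with an unrevoked certification from a trusted key other
    than the key itself (a self-signature proves nothing about identity)."""
    result = []
    for uid in key.uids:
        live = uid.certifiers - uid.revoked - {key.keyid}
        if any(_trusted(s, trusted) for s in live):
            result.append(uid.name)
    return result


def uncertified_uids(key: Key, trusted: Set[str]) -> List[str]:
    certified = set(certified_uids(key, trusted))
    return [u.name for u in key.uids if u.name not in certified]


def signature_report(key: Key, trusted: Set[str]) -> Dict[str, object]:
    """Compare the naive 'Good signature from user ...' line with the user
    IDs that trusted certifiers actually vouch for."""
    shown = naive_display_uid(key)
    certified = certified_uids(key, trusted)
    return {"keyid": key.keyid, "naive_display": shown,
            "certified": certified, "naive_display_is_certified": shown in certified}


if __name__ == "__main__":
    print(signature_report(parse_colons(CONSTRUCTED_LISTING), {"C06EC3B5"}))
```

On the constructed ring the report shows the verifier-style line naming "bad test key" while only "good test key" is certified, which is exactly the discrepancy between a (key, user ID) certificate and a "key certificate" display. A verifier that prints the user ID should print the certified one, or flag that the displayed one is uncertified.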