On Tue, Oct 25, 2005 at 06:22:10PM -0500, Alex Mauer wrote:
> David Shaw wrote:
> > On Mon, Oct 24, 2005 at 04:21:32PM -0500, Alex Mauer wrote:
> >
> > I don't agree with this. The user ID system in all OpenPGP products
> > gives a regular UTF-8 string. Signatures simply bind that string to
> > the primary key. The system says exactly "Alex Mauer belongs with key
> > 0x51192ff2" and "[EMAIL PROTECTED] belongs with key 0x51192ff2".
> > You cannot sign a user ID without binding it to a key.
>
> When the string "Alex Mauer <[EMAIL PROTECTED]>" is bound to
> 0x51192ff2, there's also an association made between the two parts of
> the string. The system does /not/ say "Alex Mauer belongs with key
> 0x51192ff2" and "[EMAIL PROTECTED] belongs with key 0x51192ff2". It
> says "Alex Mauer and email [EMAIL PROTECTED] belong with 0x51192ff2"
> as one statement. It's a subtle, but important, distinction.
>
> I should be able to affirm that [EMAIL PROTECTED] uses 0x51192ff2
> without being forced to also affirm that "Alex Mauer" uses 0x51192ff2,
> or vice versa.
>
> Obviously, with these examples I'm happy to affirm both, since hey ..
> it's me. But [hopefully] you get my point.

Some people (myself included) check both before signing. The name via
some sort of formal ID, and the email via a mail challenge.

Still, if you don't want to bind both tokens together, just create a
user ID of <[EMAIL PROTECTED]> without the name attached or a user ID
of "Alex Mauer" without the email address attached. Some people will
not sign such a user ID though, and at least the name-only one is of
questionable usefulness in practice.

David
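
The binding discussed in this thread, as an added example that is not part of the original messages: a v4 certification hashes the key packet followed by the whole user ID as one length-prefixed byte string (RFC 4880, section 5.2.4), so a signature over the combined user ID cannot be reused for a name-only or email-only one. The key bytes, the address alex@example.org and the function names are constructed for illustration, and the signature fields and trailer that follow in the real hash input are omitted.

```python
import hashlib
import struct

# Constructed stand-in for a public-key packet body (not a real key).
KEY_BODY = bytes.fromhex("04435e9a1211") + b"constructed-key-material"

# Constructed user IDs: the combined form and the two split forms.
FULL = "Alex Mauer <alex@example.org>"
EMAIL_ONLY = "<alex@example.org>"
NAME_ONLY = "Alex Mauer"


def certification_prefix(key_body: bytes, user_id: str) -> bytes:
    """Key and user ID portion of the data hashed for a v4 certification.

    Layout: 0x99, 2-byte key length, key body, then 0xB4, 4-byte user ID
    length, user ID bytes. The user ID is opaque here: nothing marks where
    a name ends and an email address begins.
    """
    uid = user_id.encode("utf-8")
    return (
        b"\x99" + struct.pack(">H", len(key_body)) + key_body
        + b"\xb4" + struct.pack(">I", len(uid)) + uid
    )


def digest(user_id: str, key_body: bytes = KEY_BODY) -> str:
    """SHA-256 over the simplified hash input for one key/user ID pair."""
    return hashlib.sha256(certification_prefix(key_body, user_id)).hexdigest()


def covered_user_ids(signed_uid: str, candidates: list[str]) -> list[str]:
    """Candidates whose hash input matches that of the certified user ID."""
    target = digest(signed_uid)
    return [c for c in candidates if digest(c) == target]


if __name__ == "__main__":
    for uid in (FULL, EMAIL_ONLY, NAME_ONLY):
        print(f"{uid!r:34} {digest(uid)[:16]}")
    # A certification over the combined user ID covers only that exact string.
    print(covered_user_ids(FULL, [FULL, EMAIL_ONLY, NAME_ONLY]))
```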