On Tue, Oct 25, 2005 at 11:38:49PM -0400, David Shaw wrote: > On Tue, Oct 25, 2005 at 08:50:11PM -0500, Alex Mauer wrote: > > David Shaw wrote: > > >Some people (myself included) check both before signing. The name via > > >some sort of formal ID, and the email via a mail challenge. > > > > As do I, at least for a level 3 signature. > > > > >Still, if you don't want to bind both tokens together, just create an > > >user ID of <[EMAIL PROTECTED]> without the name attached or a user > > >ID of "Alex Maurer" without the email address attached. > > > > I understand that it's possible to do this. I was just lamenting the > > fact that it is very strongly discouraged by GnuPG: > > > > Real name: > > Name must be at least 5 characters long > > > > >Some people > > >will not sign such a user ID though, > > > > I don't understand why. If you trust the association of the Name and > > key, how/why would having an email address in there as well improve the > > trust? > > It's not an issue of improving the trust, it's an issue of > disambiguation. In my case, there are many different David Shaws out > there, including a furniture designer in New Zealand, a Pulitzer prize > winning journalist in the US, and a former MP for Dover in the UK. > I'm none of these. There are at least 19 David Shaws on the keyserver > net as well, not including me. My email address globally indicates > which David Shaw I am.
Isn't this why some people use UIDs like "John Doe (Amsterdam, The Netherlands, 1970-01-01)" next to the email-ones? Bye, Joost -- Joost van Baal http://abramowitz.uvt.nl/ Tilburg University [EMAIL PROTECTED] The Netherlands
signature.asc
Description: Digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
