David Shaw wrote:

>>>Some people
>>>will not sign such a user ID though, 
> 
> It's not an issue of improving the trust, it's an issue of
> disambiguation.  

Right, so why is it any better to have a key with:
0x99242560 David Shaw <[EMAIL PROTECTED]>

than to have
0x99242560 David Shaw
0x99242560 [EMAIL PROTECTED]
(two UIDs)

You still have the same level of disambiguation.  Why would someone be
unwilling to sign the one, but willing to sign the other?

> Questionable usefulness *in practice*, I said.  In practice, one of
> the major uses for GPG is email, and mail clients tend to look for
> keys by email address.  It's an email client design issue, not a
> cryptographic issue.

Yes, a key without any UID containing an email address is of
questionable usefulness.  Agreed.

> My key has both my name and
> email address, and I don't want people signing just one.

But if they can only prove one part of the data to their satisfaction,
why should they not sign only that part?

> Give a challenge cookie to the person when you meet them, and ask them
> for it in the email challenge.  It proves that the person who is
> responding to your mail is either the physical person you met, or is
> at least in communication with them.

"In communication with them" is not good enough for the level of trust
that these checks imply.  Besides, the scenario I described already
implies that they must be in communication.

But it's really irrelevant to the original point, which is that in many
cases, the real name doesn't matter; only the email address/key does.
"If I know a person only by email, then that email *is* the person to
me."  In that case, if the email is trusted, then the name on the UID is
irrelevant.  I might be willing to trust that key ID 0x99242560 really
is used by the holder of email [EMAIL PROTECTED], but not that the
person in question really is named David Shaw. ... and in most cases, I
probably don't really care about the real name of the keyholder, only
about the email address.  So why should I have to sign both in order to
declare this trust?
-- 
Bad - You get pulled over for doing 90 in a school zone and you're drunk
off your ass again at three in the afternoon.
Worse - The cop is drunk too, and he's a mean drunk.
FUCK! - A mean drunk that's actually a swarm of semi-sentient
flesh-eating beetles.
OpenPGP key id: 0x51192FF2 @ subkeys.pgp.net

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
