On Wednesday 26 October 2005 6:26 pm, Alex Mauer wrote:
> Right, so why is it any better to have a key with:
> 0x99242560 David Shaw <[EMAIL PROTECTED]>
>
> than to have
> 0x99242560 David Shaw
> 0x99242560 [EMAIL PROTECTED]
> (two UIDs)
>
> You still have the same level of disambiguation.

No, because you've separated the two - there has to be a reason to do this and therefore you are implying that there is a difference between the two UIDs.

> Why would someone be
> unwilling to sign the one, but willing to sign the other?

I wouldn't sign the email-only one because an email address can be accessible to more than one person. If I'm encrypting to this key, I want to know to WHOM I am writing. I wouldn't sign the name-only one either - I cannot contact the person with that name because I have no idea if the email address is solely for the person named in the other UID. A UID should reflect how I know a person. I've got several UIDs and if you know me as webmaster, you sign that one; if you know me from the LUG, you sign that one; if you know me professionally, you sign that one. Without an email address and a name, a UID is rather useless.

> Yes, a key without any UID containing an email address is of
> questionable usefulness.

Agreed. But when signing a key, I'm signing a specific UID. It is bad practice to sign all UIDs belonging to any one key. "Sign only the ones you can verify" is my advice at keysigning events. If there's no email, I cannot verify that UID. If there's no name, I cannot verify that UID.

> But if they can only prove one part of the data to their satisfaction,
> why should they not sign only that part?

IMHO, they should not sign at all. A signature is a *public* testimony that you have verified this person. You do not sign for your own benefit but to assist others. It is other people's perceptions of the act of signing that are important. Sign locally - you get the benefits and the rest of us do not get more untrustworthy signatures on otherwise trusted keys.

> "In communication with them" is not good enough for the level of trust
> that these checks imply. Besides, the scenario I described already
> implies that they must be in communication.

The challenge token is sufficient because it is used to show that the person you met and verified personally also has access to the private key at the address indicated. One form of challenge is explained here:
http://www.dcglug.org.uk/linux_doc/gnupgsign.html#transfer
A verification challenge would use a modified procedure that nevertheless ensures that the person I met is the person with access to both the email account and the private key.

> But it's really irrelevant to the original point, which is that in many
> cases, the real name doesn't matter; only the email address/key does.

The real name always matters. Email-only verification is pointless - it doesn't strengthen the web of trust.

> "If I know a person only by email, then that email *is* the person to
> me."

So sign it locally. By signing it with an exportable signature, you are trying to indicate to ME that you have verified the identity of that person, not just the email account.

> In that case, if the email is trusted, then the name on the UID is
> irrelevant.

Not true. By all means sign that locally, but do not lead others to believe you have verified more than you have.

> I might be willing to trust that key ID 0x99242560 really
> is used by the holder of email [EMAIL PROTECTED], but not that the
> person in question really is named David Shaw. ... and in most cases, I
> probably don't really care about the real name of the keyholder, only
> about the email address. So why should I have to sign both in order to
> declare this trust?

You don't if you sign locally. You do if other people are going to be using that signature in their web of trust. You should advertise this policy and then people like me could set your trust level to "Do NOT trust" so that none of your signatures ever count towards my trust calculations. I cannot trust your signatures if you refuse to verify the *person*.

That's what it comes down to - your exportable signatures impact MY web of trust and if you are not going to complete the full verification, others cannot trust your signatures. I would recommend you only sign keys locally until you are willing to accept how other people would be affected by your incomplete verification policy.

BTW, knowing this in advance, I would not sign your key even if I could verify your physical identity, fingerprint and email address. It would send the wrong signal to those who already know me.

-- 
Neil Williams
=============
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/
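An added example, not part of this thread: a small Python inspector for an OpenPGP v4 signature packet that reports whether a certification carries the Exportable Certification subpacket set to 0, which is how a local signature (gpg --lsign-key) is marked so that it is never exported. The packets it examines are constructed inline (dummy MPI, fake issuer key ID, constructed creation time), not real signatures.

```python
import struct

CERT_TYPES = {0x10: "generic", 0x11: "persona", 0x12: "casual", 0x13: "positive"}

def subpackets(area):
    """Yield (type, value) pairs from a subpacket area (RFC 4880 section 5.2.3.1)."""
    pos = 0
    while pos < len(area):
        first = area[pos]
        if first < 192:                      # one-octet length
            length, pos = first, pos + 1
        elif first < 255:                    # two-octet length
            length, pos = ((first - 192) << 8) + area[pos + 1] + 192, pos + 2
        else:                                # five-octet length
            length, pos = struct.unpack(">I", area[pos + 1:pos + 5])[0], pos + 5
        yield area[pos] & 0x7F, area[pos + 1:pos + length]   # bit 7 = critical flag
        pos += length

def inspect_certification(packet):
    """Return (certification class, exportable?, issuer key ID) for a v4 signature packet."""
    if packet[0] != 0x88:                    # old-format tag 2 with one-octet body length
        raise ValueError("expected an old-format signature packet with 1-byte length")
    body = packet[2:2 + packet[1]]
    if body[0] != 4:
        raise ValueError("only version 4 signatures are handled")
    hashed_len = struct.unpack(">H", body[4:6])[0]
    hashed = body[6:6 + hashed_len]
    unhashed_start = 8 + hashed_len
    unhashed_len = struct.unpack(">H", body[6 + hashed_len:unhashed_start])[0]
    unhashed = body[unhashed_start:unhashed_start + unhashed_len]
    exportable, issuer = True, None          # no subpacket 4 means the cert is exportable
    for sub_type, value in subpackets(hashed):
        if sub_type == 4:
            exportable = value[0] != 0       # --lsign-key writes value 0 here
    for sub_type, value in list(subpackets(hashed)) + list(subpackets(unhashed)):
        if sub_type == 16:
            issuer = value.hex().upper()
    return CERT_TYPES.get(body[1], "not a certification"), exportable, issuer

def build_certification(sig_type, exportable):
    """Construct a dummy v4 certification packet (not a real signature; MPI is a placeholder)."""
    hashed = b"\x05\x02" + struct.pack(">I", 1130351160)        # subpacket 2: constructed creation time
    if not exportable:
        hashed += b"\x02\x04\x00"                               # subpacket 4: exportable = 0 (local)
    unhashed = b"\x09\x10" + bytes.fromhex("0011223344556677")  # subpacket 16: fake issuer key ID
    body = (bytes([4, sig_type, 1, 2]) + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed + b"\x00\x00" + b"\x00\x01\x01")
    return b"\x88" + bytes([len(body)]) + body

if __name__ == "__main__":
    print(inspect_certification(build_certification(0x13, exportable=True)))   # ('positive', True, '0011223344556677')
    print(inspect_certification(build_certification(0x13, exportable=False)))  # ('positive', False, '0011223344556677')
```

Run over the signature packets of a real key (after splitting them out with a packet dumper), the same check shows which certifications would leave your keyring on export and which stay local.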
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users