>> I don't understand why. If you trust the association of the Name and
>> key, how/why would having an email address in there as well improve
>> the trust?
>
> It's not an issue of improving the trust, it's an issue of
> disambiguation. In my case, there are many different David Shaws out
> there, including a furniture designer in New Zealand, a Pulitzer prize
> winning journalist in the US, and a former MP for Dover in the UK.
> I'm none of these. There are at least 19 David Shaws on the keyserver
> net as well, not including me. My email address globally indicates
> which David Shaw I am.

Well, it still may make sense using a free-form UID. Imagine a David Shaw from London has created a free-form UID which is signed by Jack upon checking his personal ID card. Now this David Shaw adds a new UID with email address to it, Jack could now also challenge/response the listed email address. After such a successful check he can successfully associate that email address with David Shaw from London as only he possesses the private key and could have decrypted the message. I think it does not matter whether there are 10 or only 1 David Shaws listed on the server if you know which key you have verified. But as far as I know this concept is not taken into consideration in current gpg implementations.

--
Realos