David Shaw wrote:
> You always have the option to not sign, of course. But you don't get
> to tell the keyholder what information he puts in his user ID string.
> You don't create that, and it must be signed completely or not signed
> at all.

Of course it is not possible to tell the key holder what information they type in. My original statement was that it would be better for GnuPG to not discourage split UIDs, and that there is no reason to be signing two pieces of data (real name and email) with one signature.

Else, why not include the photo in there as well, so you have to sign "Real Name (Comment) <email address> [photo]", and each key has to include the photo /n/ times. After all, why should the signer get to decide to sign only the name and email, and not the photo!? If it's somehow more secure to combine name and email into one string, then why doesn't that argument apply to photo UIDs as well?

(I realize that there are technical reasons for treating the photo as a separate ID, since it's a distinct data type. But the security implications are the same.)

-- 
Bad - You get pulled over for doing 90 in a school zone and you're drunk off your ass again at three in the afternoon.
Worse - The cop is drunk too, and he's a mean drunk.
FUCK! - A mean drunk that's actually a swarm of semi-sentient flesh-eating beetles.

OpenPGP key id: 0x51192FF2 @ subkeys.pgp.net
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users