On Tue, Apr 15, 2008 at 09:36:04PM +0200, Herbert Furting wrote: > On Tue, 2008-04-15 at 14:09 -0400, David Shaw wrote: > > On Tue, Apr 15, 2008 at 03:10:47PM +0200, Herbert Furting wrote: > > > To say it short: In my opinion every information that you sign/certify > > > should be actually validaded. > > > It probably makes even sense to check if a keyholder specified all of > > > his given names,... and perhaps one shouldn't sign UIDs like "Geroge > > > W. Bush" if the W. is an abbreviation, while "Harry S Truman" would be > > > ok,.. as the S wasn't an abbreviation (iirc). > > > > Not at all (though it is true that the S in Harry Truman's name isn't > > an abbreviation). > > > > When you sign a UID, you're signing what is there, and not making any > > statement beyond what is there. You don't need to insist they spell > > out all of their names. > Well I think it's generally better to always use only full names,... > that helps to prevent collisions like if my name would be "David > Something Shaw". Of course I say that it only helps,.. it doesn't fully > solve this.
It is irrelevant to this. There are a lot of "David Shaw"s in the world, and it's pointless to try and prevent collisions in a set that large. The disambiguation in OpenPGP keys is really the email address, not the name. David _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
