Besides, as the Bard says, what's in a name? Binding a key to a name doesn't tell you much. First consider what it is you want to prove, and then you will know what bindings you require.
Consider also the distinction between the information required to investigate an identity and the information required to use it. Banks, insurers, employers, etc. want a great deal of information to establish the identities of those with whom they do business, but they don't write it all on the outsides of envelopes that they mail to us. Maybe you want to check my DNA before signing my key, but should I make my genome part of my identifier? Trust in a signature derives from the signer, not from the subject. The user ID really only needs to be a label with sufficient information to decide: "this seems to be the person I want, so I will investigate further." No matter what information is asserted in the user ID, you would have to test the assertion by other means before accepting the identity as meaning what you require. *Once the identity is authenticated* you can use the key binding as a shortcut, assuming that you trust the key's holder to take proper care with it. And then there's the question of roles. "HRH Izzy IV, King of Upper Loa, Duke of Absentia, Protector of the Faith" is a bit much when exchanging mail with relatives, but a salesman might want to provide quite a bit of detail when cultivating business relationships with strangers all over the globe. Generalizing, your business role ID might need more information than your personal role ID, and details would be different and different in nature when acting for your employer vs. for your church or civic organization. -- Mark H. Wood, Lead System Programmer [EMAIL PROTECTED] Typically when a software vendor says that a product is "intuitive" he means the exact opposite.
pgp5nlY9iKoBG.pgp
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
