-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 El 03-02-2011 17:59, Daniel Kahn Gillmor escribió: ... > When keysigning, if i get asked to certify a key with a "comment" like > this, i don't know what to say. What am i certifying if i say that this > key really belongs to "Joe Schmoe (no comment) <j...@example.org>" ? "Joe > Schmoe <j...@example.org>" i can understand and certify, but the > intervening comment doesn't seem sensible or verifiable.
Well, but a comment is just a comment... you don't have to verify them... > There are indeed some possibly legitimate uses of comments, but many of > them would be better handled with notations attached to subkeys or > notations attached to particular user IDs. I don't know how to attach notations to subkeys, but probably in that case they would remain unread. People check UIDs, but how often do we check subkeys? When you create the key, you need to create the first UID, so the comment is already attached to a particular user ID. Later you can make another UID, make it the main UID, revoke the old one, etc. > What do other people think? I don't see the problem. Comments may be useful, or may remain empty, or may include something not useful... but it's just a comment. Best Regards -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCAAGBQJNS2XbAAoJEMV4f6PvczxAJX8H/1Di94xPmVLSIgRpS43ft52f J3YHv6GqQ/35br7nOXKEqwnfRxsnLE6bsNlCW62cu92Lubx8yUaUKK29ho2X5r7A fCLLZ6GssZ1g1hOPM67hoVgm905NjqPaNQsofMt25gFTnM7AkaZZFsWLrd4+Mlqa ygqSyp1lojht+6Jg+mx5romZTScVLdsiWnqfWhJ7bp/N2Hr2+EENi4RU1I/MKY+F aH88gnuCa0F9yHCPpLjEBxKI8Ij0xe9XduBIVGUqu6crQrL897y+OrNaoxvJ3C9f vOtdwNmUVK7MRhy7LDIsKGuAA8ZFw07V0C9vTmXGgisXy89YE4gWo+QEPFJCVXI= =bUo8 -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
