On 04/24/2014 10:49 PM, Hauke Laging wrote:
> a) Many keys are certified without being verified. This is IMHO not so
> much a problem if this is transparent. Think of --ask-cert-level. BTW: I
> really don't like the --min-cert-level default to be 2 because this
> forces the users to either ignore this level (setting 0) or to "lie"
> which also reduces the "authenticity".

yes, users *should* ignore --ask-cert-level:

https://www.debian-administration.org/users/dkg/weblog/98

> b) There are user IDs with which it becomes strange to speak of
> "authenticity". E.g. if it is only an email address
> (sevgseui...@example.org).

why is this strange? a certificate that binds a key to an e-mail address is authentic iff the owner of that e-mail account controls that key.

> Thus I would like to offer "accepted" as a possible alternative. I guess
> that shows the user decision. Maybe even as a combination: "authenticity
> accepted".

Accepted implies that there is someone doing the accepting. "Acceptable" might be better, but it still leaves me asking "acceptable to whom?" and "acceptable for what?" -- if it's in a context where it's obvious that the answer is "acceptable for me to encrypt messages to it, or to verify message signatures from it" then that might not be too bad.

> Another point:
> Is it a good idea to use the same terms for both the key itself and user
> IDs? The terminology should make sense to non-technical people
> especially from the perspective that a "valid" key (certificate) can
> contain "invalid" user IDs.

i agree that this is confusing. It also confuses people that we continue to call certificates "keys", and then sometimes we actually want to talk about the keys themselves, and also call those "keys"

> As different keys (especially fake ones) can contain exactly the same
> user ID it seems strange to me to apply the term "authenticity" to a
> user ID. The key is authentic for this user ID (in contrast to other
> keys which may have the same).

the term would need to apply to the <key,userid> combination, not to the userid in isolation.

--dkg
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users