On 8/04/2015 12:41 am, MFPA wrote: > >> allowing them to drop the standard format of "name >> <em...@example.net>" and then they're shocked that doing so might >> produce unintended consequences? > > Don't know about "shocked", but unintended consequences for a > non-standard UID scheme was indeed the issue. > > The OP started this thread with a plug for his version of the GnuPG > smart card. Part of his scheme was to generate keys with a simplified > UID format that contained just an email address.
Said OP needs to spend about a year running an SMTP server before making a design decision like that, but anyway. >> Perhaps I'm being unreasonable, but surely if you go out of your >> way to make sure that a particular pattern does *not* appear in >> your UID then it is intended that searching on that pattern should >> not match your UID. Now granted, that intention may have been >> poorly considered by said key owner, > > I pointed out that at least one MUA sends the email address enclosed > in angle brackets as the search string for GnuPG to locate the key. No > angle brackets around the email address means no key found. The OP > reconsidered his scheme and added the angle brackets. Issue resolved. Good. >> but I'd hardly call it a bug in GPG for not anticipating that. >> After all, all it is doing is matching the pattern specified by the >> owner of the key. > > Nor would I. But if somebody creates a key UID with just a bare email > address, is it sensible to accept that email address as a match when > selecting keys? Ah, but if it is truly just the email address then is it sitting in the email field of the UID or the name field? If it's the latter then you could match any part of it you liked normally. An email client is likely to have a small fit at that point, but the email client is designed to interact with a specific set of transmission protocols, in this case SMTP. So if a GPG user wants a UID that does not meet the criteria for SMTP addressing then the GPG user can't expect it to work automatically. As for a vendor foisting poor configuration on end users ... well, the instinctive reaction is to reach for a LART, but that won't be necessary really because that vendor will be out of business within a year. Regards, Ben
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
