Werner Koch wrote:

> On Thu, 14 May 2020 23:01, Stefan Claas said:
>
> > you would consider including it in GnuPG too and reflecting it in
> > the respective RFC?
>
> The User-IDs are an integral part of OpenPGP and at the core of its
> design. All kinds of important information is bound to the user ids
> and thus a key w/o a user ID is basically useless.

I understand that a UID is an integral part, for example if people need a certification from a trusted CA, which usually requires a full name and email address. What I don't understand is why you are not liking the idea to allow GnuPG to automatically import and process UID-less public key blocks, if people who trust the GnuPG brand ask for this? Nobody is asking for UID-less key creation as default behavior.

> There is one exception for this: Derek Atkins (one of the original PGP
> authors) requested certain features to allow the use of a stripped
> down OpenPGP key by space and CPU constrained devices. We integrated
> this into the standard because it is better to use even a stripped
> down format than to come up with just another format.
>
> Direct key signatures were never intended to replace User-IDs and
> their self-signatures.
>
> And no, it is not a privacy issue. If you don't want to put your name
> or mail address into the user ID, just don't do it but use a random
> string or even the key's fingerprint. For the majority of use cases a
> mail address is still the best way to identify and even lookup a key.

GnuPG always asks IIRC new users for their Name and email address and does not tell them in advance that they can use a free form UID, without an email address, thus being able to use a key for multiple accounts or purposes, without adding additional UIDs.

Best regards
Stefan

--
Signal (Desktop) +4915172173279
https://keybase.io/stefan_claas

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users