Robert J. Hansen wrote: > > - The trust in the correspondent's public key is established only > > by comparing the key fingerprint derived programmatically from the > > locally stored key-file and a copy independently obtained from > > the owner. The only identification of a public key is its > > fingerprint. Since the public key is either known to an adversary, > > or it is very hard to guard against such eventuality, the public > > key itself should not provide the adversary with any useful > > information. > > Okay, but this seems largely redundant with section 8.12 of the FAQ, > which, uh ... does exactly this. What exactly are you objecting to?
[...] I think that many people have multiple email accounts and would like to see a way to have a procedure in place with GnuPG that would allow them to use such a public key, with only one UID (or none), covered in the FAQ. The problem is that we IMHO still stick to procedures Mr Zimmermann, while not being a cryptographer back then, has invented in the early 90s, which may no longer fit in 2020. It should be also pointed out, to the interested reader, that 99% of public key crypto software, I am aware of, does not require an email address, a UID, to manage public keys (in a key ring). Regards Stefan -- https://keybase.io/stefan_claas _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
