Am Dienstag 16 November 2021 18:06:02 schrieb Andrew Gallagher via Gnupg-users: > On Tue, 2021-11-16 at 18:20 +0200, Teemu Likonen wrote: > > Am I seeing a starting trend here? Do some people think that it is > > better practice to have only have email address as user id?
Some email providers offering pubkeys via WKD only accept email-only uids, see the policy flag "mailbox-only" in https://datatracker.ietf.org/doc/draft-koch-openpgp-webkey-service/13/ > It is reasonable therefore to take the view that the non-email portion > of a userID is cruft at best (and an unnecessary leakage of personal > information at worst). There are two potential problems here: a) usability in case of deliberately missleading information madam president <joe....@example.ntvtn.de> b) abuse prevention and responsibility on case of illegal information Mr X is an XXX he lives at Drowning Street YY <joe....@example.ntvtn.de> However an email provider can exclude those ab-use-cases in their terms of service with their users and hold them responsible in case of violation. So it is still okay to use uids which are no email addresses or some uids with more or other information. Just do not expect other services to carry this information, do not fully trust them (just like you do not trust pubkeys by default) and be prepared to take responsibility for the contents you are transmitting. Best Regards, Bernhard -- www.intevation.de/~bernhard +49 541 33 508 3-3 Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998 Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
