On 2020-05-25 at 03:13 -0400, Robert J. Hansen wrote:
> If you can convince the list that the FAQ needs updating, I'll update
> it. But otherwise, I'm going to consider this yet another opinion on
> what the right thing to do is, and although I certainly think it's on
> topic for the list, I'm not
> Would that be okay?
>
> Would that be worthwhile?
By all means, go for it! And if you can get the community to say "yeah,
that's a good idea" I'll happily merge 'em in.
I know I keep on saying "if the community wants it...". That's the hard
and fast rule for the FAQ: it represents the consen
> The point is, if I met you as Raubritter, a government-issued id showing
> a different name is unlikely to help.
I refer you back to the part of the FAQ which says the certificate
signing process is controversial because every Tom, Dick, and Harry has
their own idea on how to do it.
If you can
On 2020-05-24 at 00:14 -0400, Robert J. Hansen wrote:
> > I see a big hole in the validation part. The steps providex are
> > validating the offline identity but not matching it to the certificate
> > uid.
>
> Correct, and that's by design.
>
> There is no -- *NO* -- generally understood meaning
On 5/23/20 4:30 PM, Robert J. Hansen wrote:
I mean, this seems like 95% of what you want. You just want the
reference to an email address in step 4 removed?
If you can get the community to agree, I'm all in favor.
- All gpg operations (key generation, encryption, decryption) are
carried out
> I see a big hole in the validation part. The steps providex are
> validating the offline identity but not matching it to the certificate
> uid.
Correct, and that's by design.
There is no -- *NO* -- generally understood meaning for user IDs beyond
"the name here is a meaningful term of address f
On 2020-05-23 at 12:30 -0400, Robert J. Hansen wrote:
> > - The trust in the correspondent's public key is established only
> > by comparing the key fingerprint derived programmatically from the
> > locally stored key-file and a copy independently obtained from
> > the owner. The only identificatio
Robert J. Hansen wrote:
> > - The trust in the correspondent's public key is established only
> > by comparing the key fingerprint derived programmatically from the
> > locally stored key-file and a copy independently obtained from
> > the owner. The only identification of a public key is its
> >
> - The trust in the correspondent's public key is established only
> by comparing the key fingerprint derived programmatically from the
> locally stored key-file and a copy independently obtained from
> the owner. The only identification of a public key is its fingerprint.
> Since the public key i
Robert,
Hi and thanks for the reply. Salsa is cooking. And since you
are so kind:
It would help a whole lot if GPG included some authoritative
documentation on how to use the program in the following scenario:
- The trust in the correspondent's public key is established only
by comparing the ke
Given the number of people that still manage to create (and distribute)
their keys with glaring mistakes, such as misspelling their own domain
name/tld, or providing a key which doesn't match their email address.
Too many people is sending and receiving openpgp emails by actually
encrypting the co
Robert J. Hansen wrote:
> > First, let me mention that Web of Trust is to me not a useful
> > public key verification mechanism, as it is compromises my privacy.
>
> Only if your sigs are exportable. Local sigs are a perfectly
> legitimate way to use the WoT. If Alice locally signs Bob's
> cer
> First, let me mention that Web of Trust is to me not a useful public
> key verification mechanism, as it is compromises my privacy.
Only if your sigs are exportable. Local sigs are a perfectly legitimate
way to use the WoT. If Alice locally signs Bob's certificate and sets
Bob up as a trusted
On 21/05/2020 14:34, LisToFacTor via Gnupg-users wrote:
>> The proper thing for gpg program to do would be to allow the
> personally identifiable information in the key to be optional,
> and to warn the user generating such key that he will not be able
> to participate in the Web of Trust.
I think
On 5/21/20 10:52 AM, Ingo Klöcker - kloec...@kde.org wrote:
On Donnerstag, 21. Mai 2020 00:14:40 CEST LisToFacTor via Gnupg-users wrote:
I suppose you also entered an empty string for "Email address":
`` > Real name:
Email address: f...@example.com
You selected this USER-ID:
"f...@example.co
On Donnerstag, 21. Mai 2020 00:14:40 CEST LisToFacTor via Gnupg-users wrote:
> English is not my native tongue, and the word I've chosen is based
> on my interpretation of the dialog presented by the program when
> generating the key:
>
> > GnuPG needs to construct a user ID to identify your key.
>
or such information is refused, and the service
is summarily denied, (as outlined above) then it is not okay for the
program designer to wash his hands with "...so why didn't you just
invent something...".
Of course, it would be a one-minute job to change the prompt to
"ent
> On 20 May 2020, at 18:51, LisToFacTor via Gnupg-users
> wrote:
>
> Demanding a piece of information from someone who would prefer not
> to give it is equally user-hostile, especially so if he who demands
> it does so only because it is required by some internal mechanics
> of the system he co
equally user-hostile, especially so if he who demands
it does so only because it is required by some internal mechanics
of the system he constructed. Answering user's objection to such
request by telling him: "well, if you don't want to give me this
information, just invent something...&
19 matches
Mail list logo
