On 2/8/11 6:27 PM, MFPA wrote:
> Does this ambiguity cause you to not consider the string "John Smith"
> to be a legitimate User ID?
Let's stop talking about 'legitimate' user IDs, because there is no
authority that can determine for all users what are or are not
'legitimate' user IDs. Each user/
Hi
On Monday 7 February 2011 at 5:37:11 AM, in
, Daniel Kahn Gillmor wrote:
> Here are some legitimate User IDs that do not
> correspond to a single individual:
> * "deb.torproject.org archive signing key" * "Debian
> Archive Automatic Signing Key (6.0/squeeze)
> "
> These are legitimate to
On 02/07/2011 03:07 AM, Werner Koch wrote:
> In OpenPGP parlance the term "key" is used as a synonym for the term
> "keyblock" which in turn is the OpenPGP saying for a "certificate".
While i think this terminology is unfortunate (how do we refer to the
key without any additional metadata attache
On Sun, 6 Feb 2011 20:46, d...@fifthhorseman.net said:
> The User ID is the most commonly-used way to *find* the key -- but it
> does not identify the key. It identifies the user. The fact that
> people are willing to cryptographically bind the User ID to the key (via
In OpenPGP parlance the t
On 02/06/2011 07:01 PM, MFPA wrote:
> What's a "legitimate User ID?" My understanding is that, whilst the de
> facto standard is a name and an email address, there is no compulsion
> over what string to choose.
Here are some legitimate User IDs that do not correspond to a single
individual:
* "d
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Sunday 6 February 2011 at 7:46:30 PM, in
, Daniel Kahn Gillmor wrote:
> and those
> do have legitimate User IDs.
What's a "legitimate User ID?" My understanding is that, whilst the de
facto standard is a name and an email address, there is
On 02/06/2011 02:08 PM, Werner Koch wrote:
> On Fri, 4 Feb 2011 16:51, d...@fifthhorseman.net said:
>
>> Some translation changes might still be worth doing; I would like to see
>> the example User ID lose the comment (including "(Der Dichter)" in an
>> english prompt is not helpful), and i think
On Fri, 4 Feb 2011 16:51, d...@fifthhorseman.net said:
> Some translation changes might still be worth doing; I would like to see
> the example User ID lose the comment (including "(Der Dichter)" in an
> english prompt is not helpful), and i think the wording should also be
Fine with me, if we d
On Fri, 4 Feb 2011 20:08:08 +, MFPA wrote:
> IMHO, the comment field is firmly in the "you don't need this at all"
> category. If Heinrich Heine really wants his UID to be
> "Heinrich Heine (Der Dichter) " he can
> type "Heinrich Heine (Der Dichter)" in the name field and
> "heinri...@duesseld
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Thursday 3 February 2011 at 11:22:54 PM, in
, Doug Barton wrote:
> FWIW I would love to see the comment field moved to
> expert mode since it rather clearly qualifies under the
> "If you don't already know that you need this, you
> don't n
On Thursday 03 February 2011, Matthew James Goins wrote:
> Personally I've never seen a comment that helped me identify the
> owner of a key in a meaningful way.
In my keyring there are several keys where the comment contains the date
of birth (and in some cases even the place of birth) of the ow
Daniel Kahn Gillmor writes:
> I'd like to propose that GnuPG only prompt the user for a "Comment" for
> their User ID under --expert mode.
I totally agree with this proposal. If someone wants to add a comment,
they should be able to, but I believe that prompting for this on every
key generation
On 02/04/2011 01:12 AM, Werner Koch wrote:
> Many might nor know that
> there is a help feature for every input field:
Indeed, i had no idea that this was the case. Thanks for the tip.
> but many more users are using a GUI for key generation and thus it is up
> to the GUI to preset the comment f
On 2/4/11 2:16 AM, Doug Barton wrote:
> I recognized it, but I don't think the answer is as central to the
> question of moving comments to expert mode as you do. Daniel's argument
> boils down...
I wasn't responding to Daniel. I was responding to Matt Goins, as was
shown in my message, who said
On 02/03/2011 17:52, Robert J. Hansen wrote:
On 2/3/11 8:36 PM, Doug Barton wrote:
>> then it's disingenuous to say "but they can just use expert mode."
>
> Why?
Because it does not recognize the validity of a well-answered question.
I recognized it, but I don't think the answer is as cent
On Thu, 3 Feb 2011 21:59, d...@fifthhorseman.net said:
> * new users see the prompt and think they need to enter something
> there, without understanding why or what to put there. This leads to
> people either making a witticism (e.g. "No Comment"), repeating their
I have only seen a few of th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
El 03-02-2011 22:17, Doug Barton escribió:
> On 02/03/2011 17:10, Robert J. Hansen wrote:
...
>> The problem with anecdote is everyone's anecdote is different. As a ham
>> radio operator (KC0SJE), I have a fair number of keys that have comments
>> o
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
El 03-02-2011 17:59, Daniel Kahn Gillmor escribió:
...
> When keysigning, if i get asked to certify a key with a "comment" like
> this, i don't know what to say. What am i certifying if i say that this
> key really belongs to "Joe Schmoe (no comment
On 2/3/11 8:36 PM, Doug Barton wrote:
>> then it's disingenuous to say "but they can just use expert mode."
>
> Why?
Because it does not recognize the validity of a well-answered question.
When a question is asked and answered, it is good form to recognize the
answer, rather than say "... well,
On 02/03/2011 17:10, Robert J. Hansen wrote:
On 2/3/11 5:32 PM, Matthew James Goins wrote:
Personally I've never seen a comment that helped me identify the owner
of a key in a meaningful way.
The problem with anecdote is everyone's anecdote is different. As a ham
radio operator (KC0SJE), I ha
On 02/03/2011 17:23, Robert J. Hansen wrote:
On 2/3/11 8:17 PM, Doug Barton wrote:
So, you're saying that hams are not smart enough to figure out how to
use expert mode if they really want this functionality? :)
You're moving the goalposts. That was responding to someone who denied
the useful
On 2/3/11 8:17 PM, Doug Barton wrote:
> So, you're saying that hams are not smart enough to figure out how to
> use expert mode if they really want this functionality? :)
You're moving the goalposts. That was responding to someone who denied
the usefulness of comments at all. If I'm establishing
On 2/3/11 5:32 PM, Matthew James Goins wrote:
> Personally I've never seen a comment that helped me identify the owner
> of a key in a meaningful way.
The problem with anecdote is everyone's anecdote is different. As a ham
radio operator (KC0SJE), I have a fair number of keys that have comments
o
On Thu, Feb 03, 2011 at 04:07:40PM -0500, Robert J. Hansen wrote:
> Whenever people talk about what "most users" need, I have to ask to see
> the user survey that's showing this.
I don't think it matters what the real numbers are. We've all seen user
ids with utterly unhelpful comments, and it sta
On 2/3/11 6:09 PM, Jameson Rollins wrote:
> Just out of curiosity, can you explain why you wouldn't sign dkg's
> hypothetical user ID?
Because with a comment like that, my impression would be that he was
aiming to deliberately yank my chain: and why should I put up with that?
To use that as an ex
On Thu, 03 Feb 2011 17:54:39 -0500, "Robert J. Hansen"
wrote:
> > But i suspect he would not want to certify this User ID:
> >
> > Daniel Kahn Gillmor (I am really Robert Hansen)
>
> Correct. Because the presence of my signature means something. The
> *absence* means *nothing at all*, and y
On 2/3/11 6:30 PM, David Shaw wrote:
> Or are you arguing the *meaning* of the certification (you may or may
> not sign the user ID, but if you did sign it, the comment part should
> be considered null and void in terms of your particular
> certification)?
This. I may agree with the comment, I ma
On Feb 3, 2011, at 5:10 PM, Robert J. Hansen wrote:
>> I invite you to look through the User IDs in your own keyring, from the
>> perspective of a potential certifier, and ask yourself "what does it
>> mean for me to certify these comments?"
>
> Zero. Comments don't get certified. All my signat
On 02/03/2011 14:22, Jameson Rollins wrote:
I have to agree with Daniel that I have in fact honestly never spoken to
anyone who was*not* confused by that field. I can't ever remember
seeing a comment field used in any way that made sense to me.
I'm as pedantic as the next geeky dev, but I agr
On 02/03/2011 15:16, Hauke Laging wrote:
Am Donnerstag 03 Februar 2011 23:22:38 schrieb Jameson Rollins:
I think this is why his original suggestion was to move it instead to
--expert. Moving it to --expert makes a lot of sense to me.
Perhaps it makes sense to extend the output of --gen-key
Am Donnerstag 03 Februar 2011 23:22:38 schrieb Jameson Rollins:
> I think this is why his original suggestion was to move it instead to
> --expert. Moving it to --expert makes a lot of sense to me.
Perhaps it makes sense to extend the output of --gen-key by a hint like
"Additional features are
On 2/3/11 5:47 PM, Daniel Kahn Gillmor wrote:
>> By certifying the full user ID you are also certifying the comment.
This is not how either OpenPGP or GnuPG work.
Certifiers get to define what their certifications mean. Bang, period,
end of sentence. There are *no* certification semantics in Op
On 2/3/11 5:47 PM, Daniel Kahn Gillmor wrote:
> Just to clarify this point:
This is not a clarification: this is a confusion.
> If i meet Robert in person, show him my gov't IDs, my fingerprint, and
> we exchange e-mails, Robert would probably be fine certifying this User ID:
>
> Daniel Kahn Gi
On 02/03/2011 05:22 PM, Jameson Rollins wrote:
> On Thu, 03 Feb 2011 17:10:58 -0500, "Robert J. Hansen"
> wrote:
>> Zero. Comments don't get certified. All my signature means is I have
>> met this person face to face, have seen two forms of government
>> identification, have confirmed a fingerp
On Thu, 03 Feb 2011 16:30:00 -0500
Daniel Kahn Gillmor articulated:
> On 02/03/2011 04:07 PM, Robert J. Hansen wrote:
> > On 2/3/11 3:59 PM, Daniel Kahn Gillmor wrote:
> >> * most people just need a simple identity-driven OpenPGP
> >> certificate, one that matches their name and e-mail address.
I like the idea of adding the (Optional) to the prompt because I'm a
big fan of optional fields being marked as such. This is an simple and
elegant fix to an issue.
And I'd hesitate to move it to expert since we have been (ab)using the
comment field for our keys, then again this is being used by s
On Thu, 03 Feb 2011 17:10:58 -0500, "Robert J. Hansen"
wrote:
> On 2/3/11 4:30 PM, Daniel Kahn Gillmor wrote:
> > my "user survey" is from several years of trying to personally help
> > dozens of people of all skill levels learn how to use OpenPGP for secure
> > messaging. Regardless of the inte
On 2/3/11 4:30 PM, Daniel Kahn Gillmor wrote:
> my "user survey" is from several years of trying to personally help
> dozens of people of all skill levels learn how to use OpenPGP for secure
> messaging. Regardless of the intelligence or technical savvy of the
> people i've personally helped get m
On 02/03/2011 04:07 PM, Robert J. Hansen wrote:
> On 2/3/11 3:59 PM, Daniel Kahn Gillmor wrote:
>> * most people just need a simple identity-driven OpenPGP certificate,
>> one that matches their name and e-mail address.
>
> Whenever people talk about what "most users" need, I have to ask to see
>
On 2/3/11 3:59 PM, Daniel Kahn Gillmor wrote:
> * most people just need a simple identity-driven OpenPGP certificate,
> one that matches their name and e-mail address.
Whenever people talk about what "most users" need, I have to ask to see
the user survey that's showing this. History has shown t
Hi folks--
I'd like to propose that GnuPG only prompt the user for a "Comment" for
their User ID under --expert mode.
Here's why:
* most people just need a simple identity-driven OpenPGP certificate,
one that matches their name and e-mail address.
* new users see the prompt and think they nee
41 matches
Mail list logo
