GPG User ID Comments and RFC 5322

Philippe Cerfon philcerf at
Sun Sep 13 19:04:55 CEST 2009

On Sun, Sep 13, 2009 at 12:28 AM, David Shaw <dshaw at> wrote:
> GPG generally ignores comments.  They're intended as messages from one human
> to another, and not GPG's responsiblity.  You can search on the field, but
> (with one exception) GPG will not act differently depending on what it finds
> in there.
Isn't this a problem? If gpg handles keys (or even different keys)
with user IDs that only differ by their comment,.. but gpg ignores

> (The exception is if you put a comment in that says the key is "insecure" or
> "do not use", GPG will believe you)
What if use insecure in another language? Or "non-insecure"? :P

Apart from all that, I've read some pages of the RFC where it says
User IDs are basically just strings without any special format. So
shouldn't gpg ignore this comment-speciality from emails and just take
it as strings?


More information about the Gnupg-devel mailing list