Trust, UIDs, signing & revoking
Wed Nov 21 00:14:01 2001
On Tue, Nov 20, 2001 at 02:01:51PM -0800, Len Sassaman wrote:
> On Tue, 20 Nov 2001, Phil Brooke wrote:
> > I'm thinking about the problem where email addresses tend to be rather
> > short-lived. Should a UID with just the name be added for the purpose of
> > collecting signatures?
> It has become my opinion that yes, this is a good idea.
How do you reconcile this with the fact that proper names are not unique?
I interpret a signature on a name-only key as asserting "this key belongs
to a person named Bob Jones". What is the usefulness of that signature
in a world containing many Bob Joneses?
Plus, proper names can be changed :-). It takes some dedication but I
can imagine it happening if the payoff were big enough. Email doesn't
have an analogous problem because it's usually hard for administrative
control over your email address to transition to someone else without
your knowledge (if not consent).