User Ids without email address
Wed Mar 26 01:31:01 2003
On Monday 24 March 2003 08:34, Huels, Ralf SCORE wrote:
> Ingo Klöcker wrote:
> > So in order to avoid the loss of trust chains because of no
> > longer used resp. lost email addresses it seems to make sense to
> > add a user id without email address to each key.
> I have a UID on my keys that contains only my name, date and
> place of birth:
> uid Ralf Huels (born 1967-06-21 in Muelheim/Ruhr, Germany)
> As you probably know, this (together with the name at birth
> where appropriate) is considered to uniquely identify a person
> according to German census and is easily verified with most
> pieces of official German ID.
I don't think I would add more personal information than my name to a
UID of my keys. Of course it's not unique (and in fact there is already
a key of a name twin of mine; but his UID is mangled because he used
PGP to create it), but I really don't feel comfortable about releasing
more information about me to the public than necessary.
> > Are there reasons not to add a user id without email address?
> I don't see any. When signing a UID like that you should check
> carefully for a self-signature, I guess. There's no other way
> to check whether the person described by the UID has control
> over the secret key as you can't send a challenge.
And therefore such a key would only get a level 2 signature from me. But
in the wild such keys will most likely have an additional user id with
an email address. And this can be used to send a challenge.