newbie question about identities

Stewart V. Wright
Mon Oct 6 14:31:01 CEST 2003

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

G'day Neil,

* Neil Williams <> [031003 19:40]:
> On Friday 03 Oct 2003 10:14 am, Stewart V. Wright wrote:
> > for example.  I have 4 different ids and at least 2 of them will not
> Which makes 0xb3334559 difficult to retrieve sometimes. It took a little=
> searching before I could find it to verify a signature declared initially=
> 0x35DB7472 which is a subkey.

Indeed, this is a bit of a problem that has been bubbling away in my
subconscious for some time.

> It would be handy if you mentioned the public keyid 0xb3334559 in your=20
> signature line in all signed emails - hkp:// keyservers don't contain the=
> that matches your current signature but at least it gives readers a heads=
> on finding your key. Better still would be a simple page on a website=20
> mentioned in a sig or GnuPG comment allowing the full key to be downloade=
d in=20
> ascii armour.
> (Mine's on the site but it's a plain key and doesn't have =
> features that cause problems on hkp:// keyservers so I wouldn't think the=
> page is needed much.)

I use Werner's suggested X-Request-PGP header...

My regular (i.e. professional) .sig is four lines long already.  Any
longer and I'd be breaking the McQ "rules".

> There's no string specifying a location in the GnuPG signature comment, t=
> subkey ID is not on hkp:// keyservers and your email address isn't found =
> keyserver either (which tends to be able to cope with ke=
> that get corrupted/ignored by other keyservers). sks does have the key, b=
> searching by name is always my least favourite option - there are so many=
> matches usually that it takes time to find out if you've got the right on=

Ah.  OK.  I'm doing a key signing in the next week or so (anyone near
Liverpool in the UK who wants to get involved?), so I'll spread it
around further then.
> > Also, there are umpteen keys on the key servers with my name (id)
> > attached to them (really should have learnt about revoking all those
> > years ago!) but only two are valid at the moment.
> Some appear to be revoked but none match the signing subkeyID of this mes=

True.  I was just indicating that one can have multiple keys
associated with a single email address.  Thus email/name "id" is not
able to distinguish between keys, but fingerprint "id" is.



European Citizens: Please do a little work to convince the European
Parliament to reject software patents. This page explains the issue
and provides suggestions for action; take the time to participate.

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

Version: GnuPG v1.2.3 (GNU/Linux)



More information about the Gnupg-users mailing list