Delete key from keyserver

David Shaw dshaw at jabberwocky.com
Wed Oct 26 05:38:49 CEST 2005


On Tue, Oct 25, 2005 at 08:50:11PM -0500, Alex Mauer wrote:
> David Shaw wrote:
> >Some people (myself included) check both before signing.  The name via
> >some sort of formal ID, and the email via a mail challenge.
> 
> As do I, at least for a level 3 signature.
> 
> >Still, if you don't want to bind both tokens together, just create an
> >user ID of <hawke at hawkesnest.net> without the name attached or a user
> >ID of "Alex Maurer" without the email address attached.  
> 
> I understand that it's possible to do this.  I was just lamenting the 
> fact that it is very strongly discouraged by GnuPG:
> 
>   Real name:
>   Name must be at least 5 characters long
> 
> >Some people
> >will not sign such a user ID though, 
> 
> I don't understand why.  If you trust the association of the Name and 
> key, how/why would having an email address in there as well improve the 
> trust?

It's not an issue of improving the trust, it's an issue of
disambiguation.  In my case, there are many different David Shaws out
there, including a furniture designer in New Zealand, a Pulitzer prize
winning journalist in the US, and a former MP for Dover in the UK.
I'm none of these.  There are at least 19 David Shaws on the keyserver
net as well, not including me.  My email address globally indicates
which David Shaw I am.

> >and at least the name-only one is
> >of questionable usefulness in practice.
> 
> If it's of questionable usefulness, then having the name there at all is 
> of questionable usefulness, and so is the verification of documents. 

Questionable usefulness *in practice*, I said.  In practice, one of
the major uses for GPG is email, and mail clients tend to look for
keys by email address.  It's an email client design issue, not a
cryptographic issue.

> Theoretically, the point of a physical meeting is:
> * Physical person linked by photo ID to name.
> * Name linked to key by the key field "Real Name"
> ? Possibly Physical person linked to photo uid by appearance.
> Any verification of the email is a totally independent operation, 
> linking the email address and the key, but not the name with the email 
> address.  Why should the signature connect them?

Because the keyholder elected to put them together.  OpenPGP puts the
keyholder in charge of what is signable.  If the keyholder wants to be
able to have an email-only or name-only user ID, that's up to them.
The signer can't override what the keyholder decides (which makes
sense, as it's the keyholder's key).  My key has both my name and
email address, and I don't want people signing just one.

> I could make a conventionally-UIDed new key with a friend's name and a 
> new email address, and he could meet with you and you could verify all 
> his official documents, but it would prove nothing about the email 
> address.  Then you could verify the email address with your challenge 
> method of choice, and it would confirm that the recipient of the mail 
> could use the key.  The end result would be a key that had an invalid 
> association between the name and the email address.

Give a challenge cookie to the person when you meet them, and ask them
for it in the email challenge.  It proves that the person who is
responding to your mail is either the physical person you met, or is
at least in communication with them.

David
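The challenge-cookie procedure described in the reply above, worked through as an added example (this is not code from the post, from GnuPG, or from any project). It keeps the signer's bookkeeping for one user ID: the cookie handed over at the in-person meeting, the token mailed afterwards to the address in the user ID, and the check on the reply that decides which bindings were actually established. The fingerprint, name, address and reply texts are constructed; encrypting the mailed challenge to the key is assumed to be done with `gpg --encrypt --recipient <fingerprint>` outside this code, so a reply that quotes the token shows the replier could decrypt it.

```python
"""Signer-side bookkeeping for a keysigning challenge that ties together the
person met in person, the name and address in the user ID, and the key.

Added example, not from the mailing list post or from GnuPG.  The fingerprint,
user ID, addresses and reply messages are constructed for the example.
Encrypting the email challenge to the key is assumed to be done with gpg
outside this module; the module only manages the tokens and checks replies.
"""
import hmac
import re
import secrets
from dataclasses import dataclass, field

# Address part of an OpenPGP user ID such as "Name (comment) <addr>".
_UID_ADDR = re.compile(r"<([^<>@\s]+@[^<>@\s]+)>")


@dataclass
class SigningRecord:
    fingerprint: str          # key being signed (constructed in demo())
    user_id: str              # user ID as it appears on the key
    meeting_cookie: str       # handed to the person at the in-person meeting
    email_token: str = ""     # mailed later, encrypted to the key
    bindings: dict = field(default_factory=dict)


def uid_email(user_id: str) -> str:
    """Return the address in a user ID, or '' for a name-only user ID."""
    m = _UID_ADDR.search(user_id)
    return m.group(1) if m else ""


def issue_meeting_cookie(fingerprint: str, user_id: str) -> SigningRecord:
    """Step 1 (in person): after checking the ID document against the name in
    the user ID, hand over a random cookie the keyholder must quote later."""
    return SigningRecord(fingerprint, user_id, secrets.token_urlsafe(16))


def make_email_challenge(rec: SigningRecord) -> tuple[str, str]:
    """Step 2: build the challenge mail body and the address it goes to.
    The caller encrypts the body to rec.fingerprint before sending, so only
    someone holding the key can read the token."""
    addr = uid_email(rec.user_id)
    if not addr:
        raise ValueError("user ID has no address; only the in-person check applies")
    rec.email_token = secrets.token_urlsafe(16)
    body = (f"Key signing challenge for {rec.fingerprint}\n"
            f"Reply with this token: {rec.email_token}\n"
            "and the cookie you were given when we met.\n")
    return addr, body


def _quoted(secret: str, words: set[str]) -> bool:
    """Constant-time check that one of the words in the reply is the secret."""
    return bool(secret) and any(
        hmac.compare_digest(w.encode(), secret.encode()) for w in words)


def verify_response(rec: SigningRecord, reply_from: str, reply_body: str) -> dict:
    """Step 3: check the reply and report which bindings it establishes.
    The checks are independent, so a partial result shows exactly what failed."""
    words = set(reply_body.split())
    from_uid_addr = reply_from.strip().lower() == uid_email(rec.user_id).lower()
    rec.bindings = {
        # token was encrypted to the key and came back from the UID's address
        "key_controls_mailbox": _quoted(rec.email_token, words) and from_uid_addr,
        # cookie exists only on the slip handed to the person whose ID was checked
        "mailbox_user_met_in_person": _quoted(rec.meeting_cookie, words) and from_uid_addr,
    }
    rec.bindings["sign_uid"] = all(rec.bindings.values())
    return rec.bindings


def demo() -> tuple[dict, dict]:
    """Honest keyholder versus the split case raised in the thread: the name on
    the key belongs to the person met, but somebody else answers the mail."""
    fpr = "0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567"   # constructed
    uid = "Alex Mauer <alex@example.org>"                       # constructed

    honest = issue_meeting_cookie(fpr, uid)
    addr, _ = make_email_challenge(honest)
    ok = verify_response(honest, addr,
                         f"Here you go: {honest.email_token} {honest.meeting_cookie}")

    split = issue_meeting_cookie(fpr, uid)
    addr, _ = make_email_challenge(split)
    # whoever reads the mailbox can decrypt and echo the token, but never saw the cookie
    bad = verify_response(split, addr, f"Here you go: {split.email_token}")
    return ok, bad


if __name__ == "__main__":
    print(demo())
```

In the split case the reply proves that the key and the mailbox are in the same hands, but not that those hands belong to the person whose documents were checked, so `sign_uid` stays false. If the person met later hands the cookie to whoever runs the mailbox, the check passes, which is exactly the weaker guarantee the reply above states: the responder is the person met, or at least in communication with them.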