Miscellaneous questions

reynt0 reynt0 at cs.albany.edu
Wed Apr 23 19:41:42 CEST 2008


On Wed, 16 Apr 2008, Christoph Anton Mitterer wrote:
  . . .
>> I don't want to discourage you from suggesting changes, but I do
>> advise that you really understand what you are suggesting.  For
>> example, the ideas around user IDs being required to be full names
>> show misunderstanding of the OpenPGP trust model.
> Hm could you please explain me why? I always thought that completeness
> is also important correctness?
  . . .
> But I think there are also several points where we could increase
> security and tidy things up (e.g. the separation of ID's from
> attributes, describing a user, such attributes could be his name town,
> ZIP-code or even his ebay account).
  . . .

(This is a late comment, I'm catching up reading email, and
Herr C.A.M has mentioned his idea a couple of times.)

Isn't one issue concerning requiring "full" names, zip
code, or similar, that you are not getting some good 
"completeness", but are rather giving some responsibility
for some aspects of verification to big organizations,
especially political ones like whoever keeps full name
records, etc?  So aspects of identity used to verify
some user are no longer under the control of the user
to the extent the user wants, but might be required to
be able to check with some central authority?  I think
gpg wants to respect user self-control?  And tries hard
to find good ways to make things work that way?

"My parents wanted a boy baby, so they named me Robert
Christoph and call me Bob, some friends call me Alice,
but I really want people to know me as Cassandra; and
besides, I'm shy and don't want strangers to laugh at
me."  :-)



More information about the Gnupg-users mailing list