Christoph Anton Mitterer
Christoph.Anton.Mitterer at physik.uni-muenchen.de
Thu Apr 24 02:59:40 CEST 2008
Quoting reynt0 <reynt0 at cs.albany.edu>:
> Well, not specially (ignoring the polite grammar using the
> form of questions). What it was is a suggestion, stated
> in third person and a first person example, why one part
> of your suggestions/opinions might not be a good fit
> with gpg. IMHO, of course. That's all...
Well regarding my opinion on certifications,... I think the list an I
won't come to the same understanding in that issue (and probably lots
of oter questions, too).
Apart from any of our rules or suggestions or whatever you call it,
nobody can force users (the signers) to do anyting, as everyone can
sign what he/she wants.
What I wanted to do, was a suggestion, namely: signers should look at
the completeness of the. And if the signer thinks the name is
incomplete, he/she should (IMHO) not sign at all, or at leas use
perhaps a "lower" signature type (perhaps 0x12 or so; btw: gpg ignores
this currently, doesn't it?)
Of course we could even discuss what's part of the name?! What about
academic titles like "Dr." or "PhD", stuff from monarchy (OBE, Sir,
Dame, HRH, Prince, etc.) religious "titles" like "PP", "Cardinal", etc.?
Despite of the fact, that it's difficutl to decide what's a complete
name, I (= my opinion) think, that signers should have a look on
The reason: As a mathematicion I consider incompleteness as
incorrectness, that's even what OpenPGP (and actually every digital
signature system) does: If you "just" remove something from the signed
data, signatures won't validate.
If that reason is to far away from the real world for anyone: Just
think if VeriSign or some govermental agency would give you a
certificate or some ID card with an incomplete name, e.g. only the
family name, or the given name, or even just the first of the given
names? Or would it give you a certificate of some ID card with the
family name that you had before marriage?
It would probably not (for - in my opinion - obvious reason).
Of course this doesn not solve problems of ambiguity, but at least it
helps a little.
That's the same with family names: When they were introduced (probably
in the middle-ages?!) one reason surely was to solve the problems of
ambiguity of given names.
Today there are millions of Christophs,.. but is this a reason to drop
the family names?
What it all comes down to,... I didn't want to offend anyone on the
list, when writing my ideas opinions (thought that this list was open
for all ideas and so on).
If my tone was a little bit rude, I apologize myself, but it's
somewhat frustrating, that (nearly) the only answers I get consist of
arguments like, "nobody needs this", "this would break this and that",
"be more conservative", "at no way try to possibly clean things up or
give part of the standard a cleaner semantics"....
I think OpenPGP is quite widespread, neverless it might (this is only
a might!!) face extinction.
X509/CMS is used more and more in a lot of areas, even gnupg implements it.
I think the reason for this is simply that the hierarchical trust
model of X509 is much easier for lazy people (lazy in terms of
Of course OpenPGP is mightier in that way (a hierarchical model is
only a subset of its web of trust), but this won't save it on a long
As OpenPGP will always be more difficult to use (if you want to build
a strong web of trust) I thought that we should concentrate to really
improve and perhaps redesign OpenPG from scratch.
Stuff like clean separation between IDs and attributes and epsecially
_more_ attributes than just name, email and photo are really needed by
However... it seems nearly impossible to me, that such improvements
will find consent. :( ... that's why I'm frustrated....
Best wishes, *hoping that he has nobody offended again or started a
senseless discussion (Robert?! ;) )*,
This message was sent using IMP, the Internet Messaging Program.
More information about the Gnupg-users