Miscellaneous questions

Mark H. Wood mwood at IUPUI.Edu
Thu Apr 24 15:22:40 CEST 2008 

Besides, as the Bard says, what's in a name?  Binding a key to a name
doesn't tell you much.  First consider what it is you want to prove,
and then you will know what bindings you require.

Consider also the distinction between the information required to
investigate an identity and the information required to use it.
Banks, insurers, employers, etc. want a great deal of information to
establish the identities of those with whom they do business, but they
don't write it all on the outsides of envelopes that they mail to
us.  Maybe you want to check my DNA before signing my key, but
should I make my genome part of my identifier?  Trust in a signature
derives from the signer, not from the subject.

The user ID really only needs to be a label with sufficient
information to decide:  "this seems to be the person I want, so I will
investigate further."  No matter what information is asserted in the
user ID, you would have to test the assertion by other means before
accepting the identity as meaning what you require.  *Once the
identity is authenticated* you can use the key binding as a shortcut,
assuming that you trust the key's holder to take proper care with it.

And then there's the question of roles.  "HRH Izzy IV, King of Upper
Loa, Duke of Absentia, Protector of the Faith" is a bit much when
exchanging mail with relatives, but a salesman might want to provide
quite a bit of detail when cultivating business relationships with
strangers all over the globe.  Generalizing, your business role ID might
need more information than your personal role ID, and details would be
different and different in nature when acting for your employer
vs. for your church or civic organization.

-- 
Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
Typically when a software vendor says that a product is "intuitive" he
means the exact opposite.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: </pipermail/attachments/20080424/c36b49cc/attachment.pgp>

More information about the Gnupg-users mailing list