choosing an encryption target from a User ID

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Sep 22 22:40:07 CEST 2009


On 09/22/2009 04:09 PM, John W. Moore III wrote:
> John Clizbe wrote:
> 
>> IIRC, it's the first usable key with a matching User ID. Period. First one it
>> can use.

thanks for catching that, John.  It appears that if the first key with a
matching User ID doesn't have full calculated validity, the user gets a
scary warning that "There is no assurance this key belongs to the named
user", and then:

    It is NOT certain that the key belongs to the person named
    in the user ID.  If you *really* know what you are doing,
    you may answer the next question with yes.

It does this even if there is a full-valid match later in the keyring!

This doesn't seem like friendly or reasonable behavior for the power
user, let alone the novice user.

> My usual 'solution' for this is to 'Disable' the non-preferred or unused
> Key until such time as it is Revoked or I have been otherwise informed
> it is deprecated beyond any further use.

i'm assuming you mean "gpg --edit-key 0xDECAFBAD" followed by the
"disable" subcommand.

What do y'all think should actually be happening here?

	--dkg
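
The selection gap described in this message, as an added Python example (not part of the original post and not GnuPG's own code): it parses a constructed `gpg --with-colons --list-keys` listing and returns both the first usable key matching a User ID and the first one whose matching User ID has full or ultimate calculated validity. The function names, sample fingerprints and User ID are made up for the example.

```python
# Constructed sample of `gpg --with-colons --list-keys` output: two keys carry
# the same User ID; only the second has full calculated validity.
SAMPLE = """\
pub:-:2048:1:1111111111111111:1253570000:::-:::scESC:
fpr:::::::::1111111111111111111111111111111111111111:
uid:-::::1253570000::HASH1::Alice Example <alice@example.org>:
pub:f:2048:1:2222222222222222:1253570000:::-:::scESC:
fpr:::::::::2222222222222222222222222222222222222222:
uid:f::::1253570000::HASH2::Alice Example <alice@example.org>:
"""

UNUSABLE = set("idre")  # field 2: invalid, disabled, revoked, expired
TRUSTED = set("fu")     # field 2: full or ultimate calculated validity


def parse_keys(listing):
    """Group colon-format records into one dict per primary key, in keyring order."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) > 11:
            caps = f[11]  # uppercase letters: whole-key capabilities, D = disabled
            usable = f[1] not in UNUSABLE and "E" in caps and "D" not in caps
            keys.append({"fpr": None, "uids": [], "usable": usable})
            if f[9]:  # older listings carry the primary User ID on the pub line
                keys[-1]["uids"].append((f[9], f[1]))
        elif not keys or len(f) < 10:
            continue
        elif f[0] == "fpr" and keys[-1]["fpr"] is None:
            keys[-1]["fpr"] = f[9]  # first fpr after pub is the primary key's
        elif f[0] == "uid":
            keys[-1]["uids"].append((f[9], f[1]))
    return keys


def select(listing, needle):
    """Return (first usable match, first usable match with a valid User ID)."""
    first_match = first_valid = None
    for key in parse_keys(listing):
        hits = [v for uid, v in key["uids"] if needle.lower() in uid.lower()]
        if not hits or not key["usable"]:
            continue
        first_match = first_match or key["fpr"]
        if first_valid is None and any(v in TRUSTED for v in hits):
            first_valid = key["fpr"]
    return first_match, first_valid


if __name__ == "__main__":
    print(select(SAMPLE, "alice@example.org"))
```

Passing the second fingerprint to `gpg --recipient` names the key directly instead of relying on User ID matching.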


More information about the Gnupg-users mailing list