key generation: email-address necessary?

Ingo Klöcker kloecker at kde.org
Sun Feb 28 11:22:21 CET 2010


On Saturday 27 February 2010, Doug Barton wrote:
> On 02/26/10 10:34, Martin Bretschneider wrote:
> > Hi,
> > 
> > I want to recreate my GnuPG keys. My question is if I can omit the
> > email address? Since I do not want my email addresses to appear on
> > the keyservers because of spammers and so on.
> 
[snip]
>
> 5. And finally something germane to the list, the amount of trouble
> you will cause for yourself and others by omitting your e-mail
> address will far exceed any benefit you may get from "hiding" your
> address from the spammers.

Leaving the spam-argument aside (which I agree with Doug is a bogus one) 
I can think of a good (?) reason for creating an OpenPGP key without an 
email address: Usage of a master key that is used exclusively for the 
certification of other OpenPGP keys. All signing and encryption keys 
will be subkeys of this master key. Now the question is whether user ids 
can be tied to subkeys? (I haven't studied the spec, but from what I 
know the answer is most likely no. Anyway...)

If the answer is yes, then one could tie certain user ids to certain 
signing/encryption subkeys and this way have one master key certifying a 
whole bunch of signing/encryption subkeys used for different purposes. 
(Not sure whether this does actually make sense.)

If the answer is no, then the master key would be a standalone certify-
only key that would not be used by mail clients for signing/encryption 
and thus it does not do any harm that the key lacks an email address.


Regards,
Ingo
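
Added example (not part of the original message, and not GnuPG code): RFC 4880, section 11.1, lays out a public key as the primary key, then its User ID packets, then the subkeys, each followed by its binding signature. The sketch below walks that packet framing for a constructed key whose only user ID is a name without an email address; `packets`, `key_layout`, `pkt` and `SAMPLE` are hypothetical names.

```python
import re

def packets(data):
    """Yield (tag, body) per packet; old- and new-format headers (RFC 4880 4.2)."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                        # new format: tag in low 6 bits
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths not handled")
        else:                                 # old format: tag in bits 5..2
            tag, nlen = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if nlen == 8:
                raise ValueError("indeterminate length not handled")
            length, i = int.from_bytes(data[i:i + nlen], "big"), i + nlen
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def key_layout(data):
    """Return ([(user_id, has_email)], subkey_count) for one public key."""
    uids, subkeys = [], 0
    for n, (tag, body) in enumerate(packets(data)):
        if (tag == 6) != (n == 0):
            raise ValueError("exactly one primary key, and it comes first")
        if tag == 13:                         # User ID packet
            if subkeys:
                raise ValueError("user ID after a subkey")
            text = body.decode("utf-8")
            uids.append((text, re.search(r"<\S+@\S+>", text) is not None))
        elif tag == 14:                       # Public-Subkey packet
            subkeys += 1
    return uids, subkeys

def pkt(tag, body, new=True):                 # helper for the constructed sample
    return bytes([0xC0 | tag if new else 0x80 | tag << 2, len(body)]) + body

# Constructed sample: placeholder bodies, not real key material.
SAMPLE = (pkt(6, b"K" * 12, new=False) + pkt(13, b"Example Certifier") + pkt(2, b"S" * 8)
          + 2 * (pkt(14, b"k" * 12, new=False) + pkt(2, b"S" * 8)))
```

`key_layout(SAMPLE)` reports one name-only user ID attached to the primary key and two subkeys; a User ID packet placed after a subkey is rejected as an invalid layout.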