Comment fields in the User ID [was: Re: Help me to import my secret key please]

Ingo Klöcker kloecker at kde.org
Mon May 17 22:54:38 CEST 2010


On Monday 17 May 2010, Daniel Kahn Gillmor wrote:
> On 05/17/2010 12:47 PM, MFPA wrote:
> > Nearly 20% of the keys in my keyring have something in the User ID
> > that is clearly not part of a person's identity.
> > 
> > What would you say was a non-dubious use of the "comment" field
> > within the User ID?
> 
> I've been asking myself the same question; i haven't come up with a
> clear answer.  The closest i've come is when someone uses the comment
> field to state an organizational affiliation specifically for use
> with that key, to differentiate from another key, such as:
> 
>  0xDECAFBAD
>    Maria Lopez (Foo Corp. Administrator) <maria at foocorp.example>
> 
>  0xDEADBEEF
>    Maria Lopez (Personal Use) <maria at lopez.example>
> 
> Even these messages might be better stored some other way, though. 
> For example, as OpenPGP notations in the self-signature.
> 
> What do you think?  When are comments in the User ID field actually
> useful?

I think you gave a good use case. The problem with something like 
OpenPGP notations or anything else that's not part of the User ID is 
that most people will never see this information. Most people will only 
see the user IDs (because that's the only thing the applications they 
use show to them).

Another use case would be marking a key as deprecated. First, you'd add 
a new user ID "This key is deprecated; use key 0xAABBCCDD instead" 
(okay, I'm not really using the comment field here) and then you'd 
revoke the signatures on all user IDs. Of course, there are other more 
appropriate ways defined in the spec to do this, but IMHO putting the 
information right in the user's face is much more effective than hiding 
it in some obscure fields.


Regards,
Ingo

More information about the Gnupg-users mailing list