moving user ID Comments to --expert mode

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Feb 3 21:59:57 CET 2011


Hi folks--

I'd like to propose that GnuPG only prompt the user for a "Comment" for
their User ID under --expert mode.

Here's why:

 * most people just need a simple identity-driven OpenPGP certificate,
one that matches their name and e-mail address.

 * new users see the prompt and think they need to enter something
there, without understanding why or what to put there.  This leads to
people either making a witticism (e.g. "No Comment"), repeating their
actual name, redundantly describing their e-mail address (e.g. "gmail
address"), or saying something like "this is cool software", which then
becomes part of their User ID and goes on the keyservers, associated
with them permanently.

When keysigning, if i get asked to certify a key with a "comment" like
this, i don't know what to say.  What am i certifying if i say that this
key really belongs to "Joe Schmoe (no comment) <joe at example.org>" ? "Joe
Schmoe <joe at example.org>" i can understand and certify, but the
intervening comment doesn't seem sensible or verifiable.

There are indeed some possibly legitimate uses of comments, but many of
them would be better handled with notations attached to subkeys or
notations attached to particular user IDs.


What do other people think?


If moving the Comment: prompt to --expert seems too radical, a more
conservative proposal would be to change the prompt from:

 Comment:

to:

 Comment (leave blank unless you are sure you need this and know what
you are doing):

or:

 Comment (most people should leave this blank):


The example User ID prompt should also be changed (in english) from


> You need a user ID to identify your key; the software constructs the user ID
> from the Real Name, Comment and Email Address in this form:
>     "Heinrich Heine (Der Dichter) <heinrichh at duesseldorf.de>"

to:

> Your new key needs a User ID that identifies you; Usually, this takes
> the form of your real name followed by your e-mail address:
>     "Heinrich Heine <heinrichh at duesseldorf.de>"



Regards,

	--dkg
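The three prompts discussed above are joined into one User ID string of the conventional form "Real Name (Comment) <email>", and a certification covers that whole string. The following added example (not GnuPG's code; the addresses are constructed, written with a literal "@" rather than the archive's " at " munging) builds a User ID the way the prompts do, omitting the comment part when it is blank, and splits one back into the three fields so a keysigner can see which part is verifiable:

```python
"""Assemble and split OpenPGP User IDs of the conventional form
"Real Name (Comment) <email>".  RFC 4880 only defines a User ID as an
arbitrary UTF-8 string; the three-field layout is a GnuPG convention."""
import re

# Conventional layout: name, then optional "(comment)", then optional "<email>".
_UID_RE = re.compile(
    r'^(?P<name>[^(<]*?)\s*'
    r'(?:\((?P<comment>[^)]*)\))?\s*'
    r'(?:<(?P<email>[^>]*)>)?\s*$'
)


def build_user_id(name: str, comment: str = "", email: str = "") -> str:
    """Join the three prompt answers; a blank Comment simply disappears,
    which is the result the proposal wants most users to end up with."""
    parts = [name.strip()]
    if comment.strip():
        parts.append(f"({comment.strip()})")
    if email.strip():
        parts.append(f"<{email.strip()}>")
    return " ".join(parts)


def split_user_id(uid: str) -> dict:
    """Split a User ID into name / comment / email (None when absent)."""
    m = _UID_RE.match(uid)
    if not m:
        # Anything outside the convention is treated as a bare name.
        return {"name": uid.strip(), "comment": None, "email": None}
    return {
        "name": m.group("name").strip(),
        "comment": m.group("comment"),
        "email": m.group("email"),
    }


def verifiable_fields(uid: str) -> tuple:
    """What a keysigner can actually check against an ID document and a
    mail exchange: the name and the address.  The comment is not in
    this tuple because nothing external vouches for it, yet the
    certification still covers the full string returned by build_user_id."""
    fields = split_user_id(uid)
    return fields["name"], fields["email"]
```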


