moving user ID Comments to --expert mode
Jameson Rollins
jrollins at finestructure.net
Thu Feb 3 23:22:38 CET 2011
On Thu, 03 Feb 2011 17:10:58 -0500, "Robert J. Hansen" <rjh at sixdemonbag.org> wrote:
> On 2/3/11 4:30 PM, Daniel Kahn Gillmor wrote:
> > my "user survey" is from several years of trying to personally help
> > dozens of people of all skill levels learn how to use OpenPGP for secure
> > messaging. Regardless of the intelligence or technical savvy of the
> > people i've personally helped get more comfortable with OpenPGP, i
> > believe all of them have been baffled by the Comment: prompt.
>
> I'm in a similar position to you, except this is my twentieth year of
> helping people with PGP. (I started way back in 1991, when PGP first
> came out and was distributed friend-to-friend on floppy disks... five
> and a quarter floppy disks.)
>
> I have never seen anyone be baffled by the 'Comment:' prompt. Some
> people have asked, "What should I type here?", and I usually explain,
> "nothing, just hit return," and they do. Those who ask what the
> "Comment" field means generally understand it very quickly.

I have to agree with Daniel that I have in fact honestly never spoken to
anyone who was *not* confused by that field. I can't ever remember
seeing a comment field used in any way that made sense to me.

> > I invite you to look through the User IDs in your own keyring, from the
> > perspective of a potential certifier, and ask yourself "what does it
> > mean for me to certify these comments?"
>
> Zero. Comments don't get certified. All my signature means is I have
> met this person face to face, have seen two forms of government
> identification, have confirmed a fingerprint and exchanged an email at
> that address. There's nothing in my signature policy that addresses
> comments, nothing at all.

I'm not sure I understand this comment. Certifications are over user
IDs. The comments are in the user IDs. By certifying the full user ID
you are also certifying the comment.

> > Omitting the baffling prompt entirely would be the most terse, which is
> > what i propose. Do you object to that?
>
> Without a good basis, yes, I do. If you change this prompt you will
> also break a ton of scripts that expect this prompt. Not only that, but
> since key generation is a rare occurrence the breakage may occur months
> or years after the change is made. This isn't something to be done lightly.

I think this is why his original suggestion was to move it instead to
--expert. Moving it to --expert makes a lot of sense to me.

jamie.
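
How an OpenPGP v4 certification hashes a User ID under RFC 4880 section 5.2.4, as an added example that is not part of the original message or of GnuPG's code. The function names, the sample User IDs and the placeholder key bytes are constructed for illustration.

```python
import hashlib
import re
import struct

SIG_GENERIC_CERT = 0x10  # signature type: generic certification of a User ID
PUBALGO_RSA = 1          # algorithm ids as registered in RFC 4880
HASHALGO_SHA256 = 8

def uid_hash_input(uid: str) -> bytes:
    """User ID part of the hashed data: 0xB4, 4-octet length, the whole UID string."""
    body = uid.encode("utf-8")
    return b"\xb4" + struct.pack(">I", len(body)) + body

def cert_digest(pubkey_body: bytes, uid: str, hashed_subpackets: bytes = b"") -> str:
    """SHA-256 digest that a v4 certification signs for one (key, User ID) pair."""
    key_part = b"\x99" + struct.pack(">H", len(pubkey_body)) + pubkey_body
    sig_data = (bytes([4, SIG_GENERIC_CERT, PUBALGO_RSA, HASHALGO_SHA256])
                + struct.pack(">H", len(hashed_subpackets)) + hashed_subpackets)
    trailer = b"\x04\xff" + struct.pack(">I", len(sig_data))
    data = key_part + uid_hash_input(uid) + sig_data + trailer
    return hashlib.sha256(data).hexdigest()

def split_uid(uid: str):
    """Split the conventional 'Name (Comment) <email>' layout; parts may be absent."""
    m = re.fullmatch(
        r"(?P<name>[^(<]*?)\s*(?:\((?P<comment>[^)]*)\))?\s*(?:<(?P<email>[^>]*)>)?",
        uid)
    return (m["name"], m["comment"], m["email"]) if m else (uid, None, None)

# Constructed sample data: placeholder bytes stand in for a public-key packet body.
SAMPLE_KEY = bytes(range(32))
WITH_COMMENT = "Alice Example (work laptop) <alice@example.org>"
WITHOUT_COMMENT = "Alice Example <alice@example.org>"

if __name__ == "__main__":
    for uid in (WITH_COMMENT, WITHOUT_COMMENT):
        print(split_uid(uid), cert_digest(SAMPLE_KEY, uid)[:16])
```

The name, comment and email split is only a display convention; the signature covers the User ID as one opaque UTF-8 string, so the two sample User IDs produce different digests for the same key.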
More information about the Gnupg-users mailing list