moving user ID Comments to --expert mode

Jameson Rollins jrollins at finestructure.net
Thu Feb 3 23:22:38 CET 2011


On Thu, 03 Feb 2011 17:10:58 -0500, "Robert J. Hansen" <rjh at sixdemonbag.org> wrote:
> On 2/3/11 4:30 PM, Daniel Kahn Gillmor wrote:
> > my "user survey" is from several years of trying to personally help
> > dozens of people of all skill levels learn how to use OpenPGP for secure
> > messaging.  Regardless of the intelligence or technical savvy of the
> > people i've personally helped get more comfortable with OpenPGP, i
> > believe all of them have been baffled by the Comment: prompt.
> 
> I'm in a similar position to you, except this is my twentieth year of
> helping people with PGP.  (I started way back in 1991, when PGP first
> came out and was distributed friend-to-friend on floppy disks... five
> and a quarter floppy disks.)
> 
> I have never seen anyone be baffled by the 'Comment:' prompt.  Some
> people have asked, "What should I type here?", and I usually explain,
> "nothing, just hit return," and they do.  Those who ask what the
> "Comment" field means generally understand it very quickly.

I have to agree with Daniel that I have in fact honestly never spoken to
anyone who was *not* confused by that field.  I can't ever remember
seeing a comment field used in any way that made sense to me.

> > I invite you to look through the User IDs in your own keyring, from the
> > perspective of a potential certifier, and ask yourself "what does it
> > mean for me to certify these comments?"
> 
> Zero.  Comments don't get certified.  All my signature means is I have
> met this person face to face, have seen two forms of government
> identification, have confirmed a fingerprint and exchanged an email at
> that address.  There's nothing in my signature policy that addresses
> comments, nothing at all.

I'm not sure I understand this comment.  Certifications are over user
IDs.  The comments are in the user IDs.  By certifying the full user ID
you are also certifying the comment.

> > Omitting the baffling prompt entirely would be the most terse, which is
> > what i propose.  Do you object to that?
> 
> Without a good basis, yes, I do.  If you change this prompt you will
> also break a ton of scripts that expect this prompt.  Not only that, but
> since key generation is a rare occurrence the breakage may occur months
> or years after the change is made.  This isn't something to be done lightly.

I think this is why his original suggestion was to move it instead to
--expert.  Moving it to --expert makes a lot of sense to me.

jamie.
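
The point above that a certification covers the whole user ID, comment included, can be checked against the v4 signature hashing rules in RFC 4880 section 5.2.4. The following is an added example, not part of the original message or of GnuPG's code; the key body is a constructed placeholder, the hashed subpacket area is left empty for brevity, and the function names are hypothetical.

```python
import hashlib
import re
import struct

# Constructed placeholder standing in for a v4 public-key packet body (not a real key).
KEY_BODY = b"constructed-public-key-packet-body"

UID_RE = re.compile(
    r"^(?P<name>[^(<]*?)\s*(?:\((?P<comment>[^)]*)\))?\s*(?:<(?P<email>[^>]*)>)?$"
)


def split_user_id(user_id):
    """Split the conventional 'Name (Comment) <email>' layout; absent parts are None."""
    m = UID_RE.match(user_id)
    if m is None:
        return (user_id, None, None)  # free-form user ID: OpenPGP allows any UTF-8 string
    return (m.group("name") or None, m.group("comment"), m.group("email"))


def certification_digest(key_body, user_id, sig_type=0x10):
    """SHA-256 over the data a v4 User ID certification signs (RFC 4880, section 5.2.4)."""
    uid = user_id.encode("utf-8")
    # Hashed signature fields: version 4, signature type, pubkey algo 1 (RSA),
    # hash algo 8 (SHA-256), zero-length hashed subpacket area (simplification).
    hashed = bytes([4, sig_type, 1, 8]) + struct.pack(">H", 0)
    h = hashlib.sha256()
    h.update(b"\x99" + struct.pack(">H", len(key_body)) + key_body)  # key being certified
    h.update(b"\xb4" + struct.pack(">I", len(uid)) + uid)            # the whole user ID string
    h.update(hashed)
    h.update(b"\x04\xff" + struct.pack(">I", len(hashed)))           # v4 trailer
    return h.hexdigest()


def comment_is_covered(key_body, user_id):
    """True if dropping the comment changes the digest the certifier signs."""
    name, comment, email = split_user_id(user_id)
    if comment is None:
        return False  # nothing to drop
    stripped = f"{name} <{email}>"
    return certification_digest(key_body, user_id) != certification_digest(key_body, stripped)


if __name__ == "__main__":
    uid = "Alice Example (work laptop) <alice@example.org>"  # constructed sample
    print(split_user_id(uid))
    print(certification_digest(KEY_BODY, uid))
    print(comment_is_covered(KEY_BODY, uid))
```
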


More information about the Gnupg-users mailing list