moving user ID Comments to --expert mode
expires2011 at ymail.com
Mon Feb 7 01:01:48 CET 2011
-----BEGIN PGP SIGNED MESSAGE-----
On Sunday 6 February 2011 at 7:46:30 PM, in
<mid:4D4EFA96.9070100 at fifthhorseman.net>, Daniel Kahn Gillmor wrote:
> and those
> do have legitimate User IDs.
What's a "legitimate User ID?" My understanding is that, whilst the de
facto standard is a name and an email address, there is no compulsion
over what string to choose.
> The User ID is the most commonly-used way to *find* the
> key -- but it does not identify the key. It identifies
> the user.
Isn't the User ID simply the string which the user has chosen as an
identifier for their key, which can be something more human-friendly
than the key id?
> The fact that people are willing to
> cryptographically bind the User ID to the key (via
> OpenPGP certifications, a.k.a. keysigning) is what
> identifies the key.
I thought the Key ID and the User ID both identified the key, the
certifications were an assertion from other people that the User ID
was consistent with the user's real-world identity, and that these
certifications in combination with the User ID identified the user.
MFPA mailto:expires2011 at ymail.com
Two rights do not make a wrong. They make an airplane.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users