comments on uid

[Faramir]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

El 18-03-2012 5:13, freejack at is-not-my.name escribió:
...
> Alright that's a good answer but aren't people just confirming the
> email address belongs to a known signer when they sign a key? Does
> it really matter what the UID comment is? I think it may be going a
> bit too far to say the UID is guaranteed.

  You define yout policy about what do you check when you sign a key
(or an UID, after all, you sign UIDs on a key, not the key itself). So
somebody might check email address and name of the key owner, and
ignore the comment, unless it is false (like the comment sayind "USA
President"). Others might don't care about the comments at all.

> Do I have to do anything with the keys when adding a UID and
> deleting the old one? I don't remember.

  I think you must make the new UID primary UID before being able to
delete the old one, but not sure about it. The worst thing that could
happen is to get a message saying "you can't delete your primary UID"
or something like that.

> My question is on a situation I didn't add the comment by mistake
> when I created the key and now I'd like to be able to add a
> comment. The key isn't signed etc. Thanks.

  If the key is not signed and it is not on keyservers, just make the
new UID, set it as primary, and delete the old one. If the key is
available at keyservers, then revoke the old one instead of deleting it.

   Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBCAAGBQJPZhtbAAoJEMV4f6PvczxAAoQH/jWRJ/iUvkPw5njP3pGJhXoG
FUUpdZmzkzJ3kuYTZwDpzBmn2W5v0pzV/fiZiXGjd3dPunIUg9V1sob0t24X+K34
FMS1T/9uISfZolURJMZav7lFJxW9xTP2CjfCzF76Nz8HVcgAWyAXLt3EvUzq3iQo
jcM51jAEhzSCVSNHHnvWIvWUIzUMDDENgyPX90D/cifpjUErNAKEfy6Nytx66BcY
HvYy4DNC53M54AXkPktT2UvFMjsDc53N9nedxM6n2PL9GWIJC9QXAd++7hcCFdld
cX4mr00I+3t/zd72eo+N4OR0SN4Mq0EbSF9ncMNuzZpC/RJtXvwPXdwMn4Ql7ac=
=rU/9
-----END PGP SIGNATURE-----