Recommendations for handling (multiple) user IDs - personal and company ones

Robert J. Hansen rjh at sixdemonbag.org
Sun Jun 9 02:40:07 CEST 2013


On 06/08/2013 01:03 PM, Daniel Kahn Gillmor wrote:
> fwiw, some people might not be comfortable certifying a User ID 
> ("signing a key") with such a comment, since it is not actually a
> part of the user's identity.  How is an OpenPGP certifier supposed
> to validate the correctness of this comment?

I entirely believe *you* might not be comfortable, but I think it's
already well-established that you're an edge case.  :)

People are free to be uncomfortable certifying user IDs that end in 'n',
in which case I'm completely out of luck.  People are free to be
uncomfortable signing user IDs for any old reason.  Unless there's
either a usability study that shows a particular pattern of behavior, or
widespread agreement that such a behavior is common in the field, I
think we ought be skeptical.

> In general, i think that comments in User IDs should be discouraged,
> as i've suggested publicly:

Nonsense.  They should be used where it makes sense to use them.  If it
doesn't make sense, they shouldn't be used.  We need no default
encouragement or discouragement policy, just a "please think about
whether it serves your needs" policy.




More information about the Gnupg-users mailing list