Should the use of multiple UID per key be discouraged?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Sep 10 21:09:43 CEST 2013


On 09/10/2013 03:01 PM, Philipp Klaus Krause wrote:
> GPG supports the feature of having multiple UIDs per key.
> However this requires special care of anyone signing such a key.
> AFAIK, there is no really user-friendly, and definitely no
> newbie-friendly way to do so. 

Please try out monkeysign (version 1.0 is in Debian testing right now).
It targets exactly this problem:

  http://web.monkeysphere.info/monkeysign/

If you think it is not user-friendly enough, the developers are active
and friendly folks, and they would be happy to receive suggestions for
new features.

> Would it be a good idea to discourage people from having multiple UIDs
> per key, and encourage them to create a separate key per UID instead?

I do not think this discouragement would be a good idea, since moving to
multiple keys imposes other costs and difficulties.  There are good
reasons to use separate keys for separate identities (e.g. if you want
to have a key you can hand over to your job when you leave there, or if
you want to operate under a pseudonym).  But there are also good reasons
to use one key for multiple identities (simpler key management, more
direct paths through the WoT for people who know you under one alias or
another).

There are tradeoffs involved in key and identity management, and people
need to be free to make the tradeoffs that make sense for them.

Regards,

	--dkg
