Making the case for smart cards for the average user

MFPA 2014-667rhzu3dc-lists-groups at riseup.net
Tue Apr 7 16:41:11 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Tuesday 7 April 2015 at 1:56:01 PM, in
<mid:5523D3E1.1000808 at adversary.org>, Ben McGinnes wrote:



> Let me see if I've got this right ... the issue is one
> which can only occur when the key owner has
> deliberately overridden the defaults by using the
> "allow-freeform-uid" option,

Or, indeed, using batch mode.



> allowing them to drop the
> standard format of "name <email at example.net>" and then
> they're shocked that doing so might produce unintended
> consequences?

Don't know about "shocked", but unintended consequences for a
non-standard UID scheme was indeed the issue.

The OP started this thread with a plug for his version of the GnuPG
smart card. Part of his scheme was to generate keys with a simplified
UID format that contained just an email address.



> Perhaps I'm being unreasonable, but surely if you go
> out of your way to make sure that a particular pattern
> does *not* appear in your UID then it is intended that
> searching on that pattern should not match your UID.
> Now granted, that intention may have been poorly
> considered by said key owner,

I pointed out that at least one MUA sends the email address enclosed
in angle brackets as the search string for GnuPG to locate the key. No
angle brackets around the email address means no key found. The OP
reconsidered his scheme and added the angle brackets. Issue resolved.



> but I'd hardly call it a
> bug in GPG for not anticipating that.  After all, all
> it is doing is matching the pattern specified by the
> owner of the key.

Nor would I. But if somebody creates a key UID with just a bare email
address, is it sensible to accept that email address as a match when
selecting keys?

- --
Best regards

MFPA                  <mailto:2014-667rhzu3dc-lists-groups at riseup.net>

Consistency is the last refuge of the unimaginative
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
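
Added example, not part of the original message and not GnuPG's own code: a simplified Python model of the lookup behaviour discussed in the thread, where a search string wrapped in angle brackets only finds user IDs that carry the address in angle brackets. The keyring contents, key labels and function names are constructed for illustration.

```python
import re

# Constructed sample keyring: key label -> user IDs (not real keys).
KEYRING = {
    "KEY-A": ["Alice Example <alice@example.net>"],  # standard "name <email>" form
    "KEY-B": ["bob@example.net"],                    # freeform UID: bare address
    "KEY-C": ["<carol@example.net>"],                # address only, in angle brackets
}

ADDR_IN_BRACKETS = re.compile(r"<([^<>\s]+@[^<>\s]+)>")


def uid_matches(uid, spec):
    """Simplified model of the two lookup forms discussed in the thread."""
    if spec.startswith("<") and spec.endswith(">"):
        # Exact e-mail lookup: compare with the address inside <...> in the UID.
        found = ADDR_IN_BRACKETS.search(uid)
        return found is not None and found.group(1).lower() == spec[1:-1].lower()
    # Any other search string: case-insensitive substring match on the UID.
    return spec.lower() in uid.lower()


def select_keys(keyring, spec):
    """Return the labels of all keys with at least one matching UID."""
    return sorted(label for label, uids in keyring.items()
                  if any(uid_matches(uid, spec) for uid in uids))


def unreachable_by_bracket_lookup(keyring):
    """Keys that a mail client searching for '<addr>' would never find."""
    return sorted(label for label, uids in keyring.items()
                  if not any(ADDR_IN_BRACKETS.search(uid) for uid in uids))


if __name__ == "__main__":
    for spec in ("<alice@example.net>", "<bob@example.net>", "bob@example.net"):
        print(spec, "->", select_keys(KEYRING, spec))
    print("not reachable via <addr> lookup:", unreachable_by_bracket_lookup(KEYRING))
```

Running `unreachable_by_bracket_lookup` over the UIDs a key-generation scheme produces is a quick check that keys will be found by mail clients that search with the bracketed form.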



