Making the case for smart cards for the average user
2014-667rhzu3dc-lists-groups at riseup.net
Tue Apr 7 16:41:11 CEST 2015

On Tuesday 7 April 2015 at 1:56:01 PM, in
<mid:5523D3E1.1000808 at adversary.org>, Ben McGinnes wrote:

> Let me see if I've got this right ... the issue is one
> which can only occur when the key owner has
> deliberately overridden the defaults by using the
> "allow-freeform-uid" option,

Or, indeed, using batch mode.

> allowing them to drop the
> standard format of "name <email at example.net>" and then
> they're shocked that doing so might produce unintended

Don't know about "shocked", but unintended consequences for a
non-standard UID scheme was indeed the issue.

The OP started this thread with a plug for his version of the GnuPG
smart card. Part of his scheme was to generate keys with a simplified
UID format that contained just an email address.

> Perhaps I'm being unreasonable, but surely if you go
> out of your way to make sure that a particular pattern
> does *not* appear in your UID then it is intended that
> searching on that pattern should not match your UID.
> Now granted, that intention may have been poorly
> considered by said key owner,

I pointed out that at least one MUA sends the email address enclosed
in angle brackets as the search string for GnuPG to locate the key. No
angle brackets around the email address means no key found. The OP
reconsidered his scheme and added the angle brackets. Issue resolved.

> but I'd hardly call it a
> bug in GPG for not anticipating that. After all, all
> it is doing is matching the pattern specified by the
> owner of the key.

Nor would I. But if somebody creates a key UID with just a bare email
address, is it sensible to accept that email address as a match when

MFPA <mailto:2014-667rhzu3dc-lists-groups at riseup.net>
Consistency is the last refuge of the unimaginative