keys require a user-id (was: Comparison of RSA vs elliptical keys)
Werner Koch
wk at gnupg.org
Fri May 15 10:48:19 CEST 2020
On Thu, 14 May 2020 23:01, Stefan Claas said:
> you would consider including it in GnuPG too and reflecting it in the
> respective RFC?
The User-IDs are an integral part of OpenPGP and at the core of its
design. All kind of important information is bound to the user ids and
thus a key w/o a user ID is basically useless.
There is one exception for this: Derek Atkins (one of the original PGP
authors) requested certain features to allow the use of a stripped down
OpenPGP key by space and CPU constrained devices. We integrated this
into the standard because it is better to use even a stripped down
format than to come up with just another format.
Direct key signatures were never intended to replace User-IDs and their
self-signatures.
And no, it is not a privacy issue. If you don't want to put your name
or mail address into the user ID, just don't do it but use a random
string or even the keys fingerprint. For the majority of use cases a
mail address is still the best way to identify and even lookup a key.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20200515/b2a0b934/attachment.sig>
More information about the Gnupg-users
mailing list