"just invent something..."

Ángel angel at pgp.16bits.net
Fri May 22 04:07:37 CEST 2020


Given the number of people that still manage to create (and distribute)
their keys with glaring mistakes, such as misspelling their own domain
name/tld, or providing a key which doesn't match their email address.

Too many people are sending and receiving OpenPGP emails by actually
encrypting the content on a separate application, then pasting it on
their MUA (often resulting in the OpenPGP armor contained in a html/text
block! ☹). Which then leads to the occasional mistake of the wrong key
being manually chosen.

People should *really* use a MUA supporting OpenPGP if they are going to
send or receive OpenPGP emails. It's a big mistake that end users think
it's normal to process that separately.


I don't think relaxing the current uid validation would help with that.
Quite the opposite.

The stated issue could be solved, while keeping rfc4880 conformance, by
adding a skip path on the key creation:

> You have chosen not to provide a uid to the new key. It is recommended
> to add an identifier. A key specifying no email address will be
> severely limited if it is going to be used to send or receive mail, as
> it won't be linked with that account.
> 
> If not providing a uid, usage of this key will have to be done using
> the user-unfriendly key fingerprint. By continuing with no explicit
> uid, GnuPG will automatically fill the uid field with the key
> fingerprint A1786ADB27E946D5DC1B5A989EED09D63FCD9AB7
> 
> 
> Do you want to create such a key anyway? [y/N]


I still wonder if it's worth adding that code for this limited use case,
though.



On 2020-05-21 at 15:32 +0100, Andrew Gallagher wrote:
> you should have a valid key
> that has "president at whitehouse.gov" in either its User ID or local
> alias (as RJH pointed out above).

Note you may need to set your alias for "<president at whitehouse.gov>",
not "president at whitehouse.gov". It will depend on how gnupg is called by
the MUA.


Best regards



