User id's without person's name, only email

Bernhard Reiter bernhard at intevation.de
Wed Nov 17 15:59:39 CET 2021


Am Dienstag 16 November 2021 18:06:02 schrieb Andrew Gallagher via 
Gnupg-users:
> On Tue, 2021-11-16 at 18:20 +0200, Teemu Likonen wrote:
> > Am I seeing a starting trend here? Do some people think that it is
> > better practice to have only have email address as user id?

Some email providers offering pubkeys via WKD only accept email-only
uids, see the policy flag "mailbox-only" in
https://datatracker.ietf.org/doc/draft-koch-openpgp-webkey-service/13/

> It is reasonable therefore to take the view that the non-email portion
> of a userID is cruft at best (and an unnecessary leakage of personal
> information at worst).

There are two potential problems here:
 a) usability in case of deliberately missleading information
     madam president <joe.doe at example.ntvtn.de>
 b) abuse prevention and responsibility on case of illegal information
     Mr X is an XXX he lives at Drowning Street YY <joe.doe at example.ntvtn.de>

However an email provider can exclude those ab-use-cases in their terms of 
service with their users and hold them responsible in case of violation.

So it is still okay to use uids which are no email addresses or some uids with 
more or other information. Just do not expect other services to carry this 
information, do not fully trust them (just like you do not trust pubkeys by 
default) and be prepared to take responsibility for the contents you are 
transmitting.

Best Regards,
Bernhard

-- 
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20211117/fe084989/attachment.sig>


More information about the Gnupg-users mailing list