User id's without person's name, only email

Robert J. Hansen rjh at sixdemonbag.org
Wed Nov 17 19:15:17 CET 2021


> Mapping a "Real Name" to an email address is a conceptually different
> thing from mapping an email address to a public key.

Except that should we be mapping keys to email addresses in the first 
place?

When we sign a certificate we make an assertion that this cryptographic 
material is controlled by this entity.  I control the cryptographic 
material associated with certificate 0x1DCBDC01B44427C7.  
rjh at sixdemonbag.org controls nothing -- it's just one of several places 
I pick up mail.

I have long considered mapping keys to email addresses to be a 
fundamental flaw.  It obscures exactly what it is we're trying to 
assert: that cryptographic material is controlled by *people*.


