keys require a user-id (was: Comparison of RSA vs elliptical keys)

Werner Koch wk at gnupg.org
Fri May 15 10:48:19 CEST 2020


On Thu, 14 May 2020 23:01, Stefan Claas said:

> you would consider including it in GnuPG too and reflecting it in the
> respective RFC?

The User-IDs are an integral part of OpenPGP and at the core of its
design.  All kind of important information is bound to the user ids and
thus a key w/o a user ID is basically useless.

There is one exception for this: Derek Atkins (one of the original PGP
authors) requested certain features to allow the use of a stripped down
OpenPGP key by space and CPU constrained devices.  We integrated this
into the standard because it is better to use even a stripped down
format than to come up with just another format.

Direct key signatures were never intended to replace User-IDs and their
self-signatures.

And no, it is not a privacy issue.  If you don't want to put your name
or mail address into the user ID, just don't do it but use a random
string or even the keys fingerprint.  For the majority of use cases a
mail address is still the best way to identify and even lookup a key.


Salam-Shalom,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20200515/b2a0b934/attachment.sig>


More information about the Gnupg-users mailing list