keys require a user-id
Stefan Claas
sac at 300baud.de
Sat May 16 15:35:43 CEST 2020
rjh at sixdemonbag.org wrote:
> (Sent from my phone)
>
> If and when people insisting on UID-less keys want to communicate
> with me, I'll tell them the same thing I told users of Imad Faiad's
> PGP 6.5.8ckt builds, Disastry's PGP builds, and many more:
>
> "I'm sorry, but you're not confirming to the specification. If you
> wish for me to make sense of your messages, please resend in a
> conformant message."
>
> The community has literally been dealing with devs breaking the
> standard for 25 years. We have learned from bitter experience how
> important standards conformance is.
>
> UIDless certs will get the same response as people using TIGER192 as
> a hash.
So, when you like to communicate with a person who uses such a new
key how do you proceed then?
And you bring up also one interesting point, I like to ask, for the
interested ML reader here.
How does this work in general, let's say I am a dev and would add this
too, to my OpenPGP app. Is there an OpenPGP board where devs can vote
for or against a feature, so that Werner has then to follow suite, or
is he in the position to say no and every dev has to follow his GnuPG
specs?
P.S. Really to bad that Mr. Zimmermann, Bruce Schneier, Prof. Bernstein,
Prof. Green and other crypto experts are not on this ML. I would really
like to hear what they would say to such an OpenPGP feature in 2020.
Regards
Stefan
--
Signal (Desktop) +4915172173279
https://keybase.io/stefan_claas
More information about the Gnupg-users
mailing list