"just invent something..."

Andrew Gallagher andrewg at andrewg.com
Thu May 21 16:32:16 CEST 2020


On 21/05/2020 14:34, LisToFacTor via Gnupg-users wrote:
>> The proper thing for gpg program to do would be to allow the
> personally identifiable information in the key to be optional,
> and to warn the user generating such key that he will not be able
> to participate in the Web of Trust.

I think you're getting overly hung up on the web of trust. The contents
of the User ID are independent of the WoT - they exist to tell your
email program which keys belong to which correspondents. You can use a
WoT with keys that have no email addresses in them, so long as the
verification chain is cryptographically valid and you have the
appropriate settings in your trustdb. Your WoT could be made up of
Donald Duck, Mickey Mouse and Goofy - the only time the UID's contents
become important (as opposed to its certifications) is when you want to
send an email to president at whitehouse.gov you should have a valid key
that has "president at whitehouse.gov" in either its User ID or local alias
(as RJH pointed out above).

-- 
Andrew Gallagher

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20200521/d4ed4790/attachment-0001.sig>


More information about the Gnupg-users mailing list