User id's without person's name, only email
Robert J. Hansen
rjh at sixdemonbag.org
Wed Nov 17 19:15:17 CET 2021
> Mapping a "Real Name" to an email address is a conceptually different
> thing from mapping an email address to a public key.
Except that should we be mapping keys to email addresses in the first
place?
When we sign a certificate we make an assertion that this cryptographic
material is controlled by this entity. I control the cryptographic
material associated with certificate 0x1DCBDC01B44427C7.
rjh at sixdemonbag.org controls nothing -- it's just one of several places
I pick up mail.
I have long considered mapping keys to email addresses to be a
fundamental flaw. It obscures exactly what it is we're trying to
assert: that cryptographic material is controlled by *people*.
More information about the Gnupg-users
mailing list