On Thu, 03 Feb 2011 17:10:58 -0500, "Robert J. Hansen" <[email protected]> wrote:
> On 2/3/11 4:30 PM, Daniel Kahn Gillmor wrote:
> > my "user survey" is from several years of trying to personally help
> > dozens of people of all skill levels learn how to use OpenPGP for secure
> > messaging. Regardless of the intelligence or technical savvy of the
> > people i've personally helped get more comfortable with OpenPGP, i
> > believe all of them have been baffled by the Comment: prompt.
>
> I'm in a similar position to you, except this is my twentieth year of
> helping people with PGP. (I started way back in 1991, when PGP first
> came out and was distributed friend-to-friend on floppy disks... five
> and a quarter floppy disks.)
>
> I have never seen anyone be baffled by the 'Comment:' prompt. Some
> people have asked, "What should I type here?", and I usually explain,
> "nothing, just hit return," and they do. Those who ask what the
> "Comment" field means generally understand it very quickly.

I have to agree with Daniel that I have in fact honestly never spoken to
anyone who was *not* confused by that field. I can't ever remember
seeing a comment field used in any way that made sense to me.

> > I invite you to look through the User IDs in your own keyring, from the
> > perspective of a potential certifier, and ask yourself "what does it
> > mean for me to certify these comments?"
>
> Zero. Comments don't get certified. All my signature means is I have
> met this person face to face, have seen two forms of government
> identification, have confirmed a fingerprint and exchanged an email at
> that address. There's nothing in my signature policy that addresses
> comments, nothing at all.

I'm not sure I understand this comment. Certifications are over user
IDs. The comments are in the user IDs. By certifying the full user ID
you are also certifying the comment.

> > Omitting the baffling prompt entirely would be the most terse, which is
> > what i propose. Do you object to that?
>
> Without a good basis, yes, I do. If you change this prompt you will
> also break a ton of scripts that expect this prompt. Not only that, but
> since key generation is a rare occurrence the breakage may occur months
> or years after the change is made. This isn't something to be done lightly.

I think this is why his original suggestion was to move it instead to
--expert. Moving it to --expert makes a lot of sense to me.

jamie.
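The point raised in the message above, that a certification is computed over the whole User ID string and so covers any comment inside it, shown as an added example that is not part of the original thread. It follows the v4 signature hash layout in RFC 4880 section 5.2.4; the key body, the User IDs and the function names `split_user_id` and `certification_digest` are constructed for illustration.

```python
import hashlib
import re
import struct

# Constructed stand-in for a v4 public-key packet body (not a real key).
KEY_BODY = bytes([4]) + struct.pack(">I", 1296771058) + bytes([1]) + b"\x00" * 16

# "Name (Comment) <email>" is only a convention; OpenPGP stores and signs
# the User ID as one opaque UTF-8 string.
UID_RE = re.compile(
    r"^(?P<name>[^(<]*?)\s*(?:\((?P<comment>[^)]*)\))?\s*(?:<(?P<email>[^>]*)>)?$"
)

def split_user_id(uid):
    """Split a User ID into (name, comment, email) by the usual convention."""
    m = UID_RE.match(uid)
    if not m:
        return (uid, None, None)
    return (m.group("name"), m.group("comment"), m.group("email"))

def certification_digest(key_body, uid, hashed_subpackets=b""):
    """SHA-256 over the data a v4 certification signs (RFC 4880, 5.2.4)."""
    uid_bytes = uid.encode("utf-8")
    h = hashlib.sha256()
    # Key being certified: 0x99, two-octet length, key packet body.
    h.update(b"\x99" + struct.pack(">H", len(key_body)) + key_body)
    # User ID being certified: 0xB4, four-octet length, the full string.
    h.update(b"\xb4" + struct.pack(">I", len(uid_bytes)) + uid_bytes)
    # Signature header: version 4, type 0x10 (generic certification),
    # public-key algorithm 1 (RSA), hash algorithm 8 (SHA-256).
    sig = bytes([4, 0x10, 1, 8]) + struct.pack(">H", len(hashed_subpackets))
    sig += hashed_subpackets
    h.update(sig)
    # Trailer: version, 0xFF, four-octet length of the hashed signature data.
    h.update(b"\x04\xff" + struct.pack(">I", len(sig)))
    return h.hexdigest()

if __name__ == "__main__":
    # Constructed User IDs that differ only in the comment.
    for uid in ("Alice Example (work key) <alice@example.org>",
                "Alice Example <alice@example.org>"):
        print(split_user_id(uid), certification_digest(KEY_BODY, uid))
```

The two digests differ, so a signature made over the first User ID does not verify against the second: the comment is part of what the certifier signed.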
