-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi
On Sunday 6 February 2011 at 7:46:30 PM, in <mid:[email protected]>, Daniel Kahn Gillmor wrote: > and those > do have legitimate User IDs. What's a "legitimate User ID?" My understanding is that, whilst the de facto standard is a name and an email address, there is no compulsion over what string to choose. > The User ID is the most commonly-used way to *find* the > key -- but it does not identify the key. It identifies > the user. Isn't the User ID simply the string which the user has chosen as an identifier for their key, which can be something more human-friendly than the key id? > The fact that people are willing to > cryptographically bind the User ID to the key (via > OpenPGP certifications, a.k.a. keysigning) is what > identifies the key. I thought the Key ID and the User ID both identified the key, the certifications were an assertion from other people that the User ID was consistent with the user's real-world identity, and that these certifications in combination with the User ID identified the user. - -- Best regards MFPA mailto:[email protected] Two rights do not make a wrong. They make an airplane. -----BEGIN PGP SIGNATURE----- iQE7BAEBCgClBQJNTzZ5nhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5p8B0D+wbw FTKiywBgtTUSQGm1H7QiW0jkHYf4t1/25l6mzLmfQtj2TrVWbK6si6hPPBBEswLt 49TkQC7yZHJTnYAChqUjKOyjBCT/9TEHh4WTmm8f2LBJf5+xIL6Sxze9c8j79koY cw2+lBWZtmJZFEp/+V9gz1tBG2+YGfdwZKA151/i =VTDA -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
