On 5/21/20 10:52 AM, Ingo Klöcker - kloec...@kde.org wrote:
On Donnerstag, 21. Mai 2020 00:14:40 CEST LisToFacTor via Gnupg-users wrote: I suppose you also entered an empty string for "Email address": `` > Real name: Email address: f...@example.com You selected this USER-ID: "f...@example.com"Change (N)ame, (E)mail, or (O)kay/(Q)uit? o [...] ``` A key with above User-ID is generated.
You are correct, the e-mail address was likewise an empty string. First, let me mention that Web of Trust is to me not a useful public key verification mechanism, as it is compromises my privacy. I use other methods to make it possible for my correspondents to verify the key. I do not have a/one e-mail address either. At any point in time, I might be using any number of addresses, depending on who I'm communicating with, and none of those addresses is likely to remain in use as long as the key I am generating. None of such e-mail correspondents would have any idea whatsoever what to do with a gpg-encrypted message received from me anyways. On the other hand, for the exchange of personal and confidential messages, I do not use the "conventional" e-mail at all - the encrypted text is exchanged by other means, of which there are myriad. I do know I could have given my name as "Peter P. Pumpkineater" and the e-mail address as "peter.p.pumpkinea...@example.com" and the program would generate the key-pair for me. But the question begs: is inventing false information the proper way of preventing the leakage of personally identifiable information, completely unnecessarily, via programs constructed by system architects whose thinking about the privacy is stuck in the time long behind us? The proper thing for gpg program to do would be to allow the personally identifiable information in the key to be optional, and to warn the user generating such key that he will not be able to participate in the Web of Trust. Wouldn't that be a better system design than demanding the user to provide the false information and treating such information as valid? Especially as one would not be able to participate in the Web of Trust as "Peter P. Pumpkineater", but there is no way for a program to issue any warning for that? _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
