Oskar L. wrote:
> Are there any drawbacks in not having an e-mail address in the
> public key?

Not especially.

> Are there any widely used applications that will expect one, and not
> work if none is found?

Not to my knowledge.

> Why is there no way to generate an RSA keypair in one step, like when you
> create a DSA/Elgamal keypair? Why do I first have to create a signing key,
> and then in a separate step create an encryption key? This is annoying.

1. Because the developers don't feel it's necessary, and nobody's yet submitted a patch.
2. Why do you need an RSA keypair? The overwhelming majority of users are best served by sticking with the defaults--which, in this case, means a DSA/Elgamal keypair.

> "Name must be at least 5 characters long"
> Why? There are probably many people who like to go only by their first
> name, and have a 3 or 4 character name.

1. Because the developers don't feel it's necessary, and nobody's yet submitted a patch.
2. RFC2440 is officially neutral about the content of a user ID packet, except that by convention it's an RFC822-style address. Speaking for myself, I'm glad GnuPG enforces a minimum; it reduces the likelihood that some poorly-conformant implementation will have a psychotic break from reality when it sees a user ID packet with length 0.

GnuPG's limit is, as near as I can tell, completely arbitrary. That doesn't make it a bad choice. If the spec gives no guidance (at least, none I can see in section 5.11), then any decision whatsoever is arbitrary. Allow zero-length? Arbitrary. Allow only names of 17 characters? Arbitrary. Require at least five-letter names? Arbitrary. The ultimate metric is not whether the choice is perfect; it's whether the choice makes sense for the great majority of users.

> Is there any way to manually set the time that will be used for the
> creation time? Or do I have to change the system time if I don't want to
> use the current time? I'm a bit of a perfectionist, and think 00:00:00
> looks much better than something like 01:42:57.

There is not, and I recommend against changing your system time just to get a 'perfect' key.

A key is a mathematical device which allows us to utilize trust relationships over a widely dispersed network. A perfect key is one which best contributes to the confidence and trust of the network.

If I see that you've got a key date of 00:00:00, my first thought is going to be that you've played hob with your system time and carefully doctored your key. That is not going to cause me to have trust in you or your key. Doctoring a key in this way is probably ultimately against your own interests.