> Although commonly used, a name is not a good measure for identity.

My reply is probably very nearly pedantic, but the question raised is a venerable one: Do you want your system to be name-centric or key-centric? A name-centric system is one where the name is the identity, per se, and the key is an attribute of that name. A key-centric system is one where the key is the identity, per se, and the name is an attribute of that key.

By analogy, just as there are advantages and disadvantages when comparing bearer bonds versus registered securities, there are advantages and disadvantages when comparing name-centric versus key-centric systems. A reference to an early discussion of binding would be Carl Ellison's 1996 USENIX paper, found at http://world.std.com/~cme/usenix.html.

Within an enterprise, name-centric might be the better choice as moves and adds are the principal things that happen to individuals and their roles. As an individual, I prefer key-centric as I've a fairly strong bias toward preserving the benefits of pseudonymity in the face of spreading surveillance.

YMMV,

--dan