-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Am 25.04.2014 00:22, schrieb Doug Barton: > Isn't what you're talking about "verification?"
To my mind, "verification" is the _process_ whereby the _properties_ like "validity" and "authenticity" are established*. I see a difference there, but one could absolutely use the word "verified" and "verification", of course. > I think the concept of "validity" in PGP sort of implies that you > have verified that the key is valid for that particular user/e-mail > address, but wouldn't it be better to just say that explicitly? Yes, it would. That's pretty much my whole point. "Validity" is misleading, because it's commonly associated with dates (valid from ... until ...) or a some sort of stamp that (in)validates something. In terms of GnuPG keys, this would translate more readily to expiration dates and revocation, so "validity" could be used for that (if at all). So if a UserID or key is listed as "validity unknown", new users scratch their heads. If instead GnuPG lists a UserID as "not verified" or with "authenticity unknown", then even most new users should understand more-or-less intuitively that they need to verify or authenticate the key (and, hopefully, why). And it also works in the WoT model, one just says something like "GnuPG can compute authenticity/verification from a key's signatures..." or "GnuPG can authenticate/verify a key based on its signatures...". > And apologies to anyone for whom English is not their first > language if it seems like we're spending a lot of time trying to > differentiate things that are very similar ... I thought a bit about other languages and I believe the issue is similar there. In German, validity translates to Gültigkeit, authenticity to Echtheit or Authentizität, verification to Bestätigung or Beglaubigung and the connotations are very much the same as in English. I'm fairly confident that it will be similar in a great many languages (probably almost all Indo-European ones, at least). So if a slight change in language would make things clearer to English speakers, the corresponding change translated should also help speakers of other languages. Best gabe *: Say I received a key with my friend's UserID bound to it. I call them to _verify_ that it's actually the same key they generated and sent me by comparing fingerprints. With the _verification_ done (which did not involve any fiddling with bits), I know validate/authenticate the key by signing it (bit fiddling). Now the key is "valid"/"authentic" to GnuPG. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCgAGBQJTWZnHAAoJEO7XEikU4kSzq0IIALWSMNjKBt66TZO1HUB0Dm/0 71aAX0Y57xDivPqga+Wn+FbBZ+EUVDbbIe26SWvRSuv6+hfzXh0dn3ooTZjm5XEu F6MjXBR/JR3RDZh0TljbfpR3UAPkgm/mORaLlOvx36vs1TqcuWaJoitl1HQuP1SW CjZYiN7othfcoGtsPgzXQsgc7tiCGt0f7wLC+4hnms+UyE6gsKy5Yr5IKryFa/qx DGMFMutwdpHHPi2Rxb+TnFfgcdUSn0G/tVMkW3HO4oPa8EnsWG252dWPf/EoZQX/ AR+rOgP9sDeb4kvCUKe3yNAL6OU8DikiTEg/EEBuoYk1ZZ4/0x97nGyByiDpjAc= =r/0G -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users