User id's without person's name, only email
I have seen a couple of new OpenPGP keys which have only email addresses as user id's. No person's name at all. I also noticed that the Notmuch Emacs email client was changed in recent months so that it shows only the signer's email when the signature is verified with a valid key, even if the key's user id's have a person's name.

Am I seeing a starting trend here? Do some people think that it is better practice to have only an email address as user id? What might be their reason? Or maybe it's not a trend and doesn't mean anything. I got curious anyway. Add your speculation. :-)

--
/// Teemu Likonen - .-.. https://www.iki.fi/tlikonen/
// OpenPGP: 6965F03973F0D4CA22B9410F0F2CAE0E07608462
Re: User id's without person's name, only email
On Tue, 2021-11-16 at 18:20 +0200, Teemu Likonen wrote:

> Am I seeing a starting trend here? Do some people think that it is
> better practice to have only an email address as user id? What
> might be their reason? Or maybe it's not a trend and doesn't mean
> anything. I got curious anyway. Add your speculation. :-)

When selecting a key for either encryption or verification purposes, only the email address part is meaningful. "John Smith " and "John David Smith (work email) " are functionally equivalent. The "Real Name" and "Comment" portions of the userID are mere conventions and, if you have an address book, entirely redundant.

It is reasonable therefore to take the view that the non-email portion of a userID is cruft at best (and an unnecessary leakage of personal information at worst).

A
Key Management - BSI had sent private key instead of public key
Hello,

According to an article on the German site golem.de[1], Germany's BSI[2] had sent its private key instead of its public key via email to a user who requested its public key.

I am only familiar with GnuPG command line usage and assume that they may use a GUI based program or add-on for an MUA.

My question is what can cause this, let's say if you have a busy and stressful day and would accidentally carry out such an operation, as a security professional knowing such a cryptographic tool for a long time, I assume.

If this can happen to professionals then it would tell me that there is a design flaw in the software used.

Because this German article does not go into details, does any of you have more details on how this happened?

Regards
Stefan

[1] https://www.golem.de/news/verschluesselung-bsi-verschickt-privaten-pgp-schluessel-2111-161073.html
[2] https://www.bsi.bund.de/EN/Home/home_node.html
Re: Key Management - BSI had sent private key instead of public key
Stefan,

On Wed, 17 Nov 2021 at 11:47, Стефан Васильев via Gnupg-users wrote:

> If this can happen to professionals then it would
> tell me that there is a design flaw in the software
> used.

https://www.gnupg.org/gph/en/manual/r887.html is explicit that it will "export-secret-keys".

I haven't confirmed the fingerprint of every Public Key they made available for download on their web pages, but it may have just been one Private Key that was compromised rather than many Public Keys, but if you want, use their search function on their web page with "PGP Fingerprint" and "GPG Fingerprint"?

--
Regards,
Christian Heinrich
http://cmlh.id.au/contact
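
The mix-up discussed in this thread can be caught mechanically before a file is sent. The following is an added example, not part of the thread or of GnuPG: a Python check that reports whether key material is secret by reading the ASCII-armor label and the first OpenPGP packet tag (RFC 4880). The function names and the stub inputs are constructed for illustration.

```python
import base64
import re

# OpenPGP packet tags from RFC 4880 section 4.3.
SECRET_TAGS = {5, 7}   # Secret-Key, Secret-Subkey
PUBLIC_TAGS = {6, 14}  # Public-Key, Public-Subkey
ARMOR_RE = re.compile(
    rb"-----BEGIN PGP (PRIVATE|PUBLIC) KEY BLOCK-----\r?\n(.*?)-----END PGP", re.S)

def first_packet_tag(raw):
    """Tag of the first OpenPGP packet, or None if raw is not a packet."""
    if not raw or not raw[0] & 0x80:   # bit 7 is set in every packet header
        return None
    if raw[0] & 0x40:                  # new-format header: tag in bits 5-0
        return raw[0] & 0x3F
    return (raw[0] & 0x3C) >> 2        # old-format header: tag in bits 5-2

def classify(data):
    """Return 'secret', 'public' or 'unknown' for a would-be attachment."""
    verdicts = set()
    blocks = ARMOR_RE.findall(data)
    for label, body in blocks:
        # Drop armor headers ("Key: value") and the "=XXXX" CRC line.
        lines = (l.strip() for l in body.splitlines())
        b64 = b"".join(l for l in lines if b":" not in l and not l.startswith(b"="))
        try:
            tag = first_packet_tag(base64.b64decode(b64))
        except ValueError:
            tag = None
        # Either signal is enough to call it secret; the label alone is not trusted.
        if label == b"PRIVATE" or tag in SECRET_TAGS:
            verdicts.add("secret")
        elif tag in PUBLIC_TAGS:
            verdicts.add("public")
    if not blocks:                     # no armor found: treat as binary OpenPGP
        tag = first_packet_tag(data)
        if tag in SECRET_TAGS:
            verdicts.add("secret")
        elif tag in PUBLIC_TAGS:
            verdicts.add("public")
    if "secret" in verdicts:
        return "secret"
    return "public" if verdicts else "unknown"

def sample_armor(label, raw):
    """Constructed stub: armor around the first bytes of a packet, not a real key."""
    b64 = base64.b64encode(raw).decode()
    return (f"-----BEGIN PGP {label} KEY BLOCK-----\n\n{b64}\n=AAAA\n"
            f"-----END PGP {label} KEY BLOCK-----\n").encode()

if __name__ == "__main__":
    print(classify(sample_armor("PUBLIC", b"\x99\x01\x0d")))  # genuine public stub
    print(classify(sample_armor("PUBLIC", b"\x95\x01\x0d")))  # mislabelled secret stub
```

A mail filter or send hook could refuse any attachment for which `classify` returns `secret`; the check inspects only the first packet of each armor block, so it is a guard against accidents, not a full OpenPGP parser.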