On Tue, 16 Sep 1997, William H. Geiger III wrote:
In the real world is the email address optional? What do people want?
In PGP5 the email address is effectively mandatory, if you want to use
the key for Eudora, for example.
I'm asking what people THINK it should do not what people think of the
PGP5 UI.
E-Mail address is most definatly not manditory in the real world. It is
not even maditory for an e-mail program. :)
AGREED!
I don't know if I have posted to this list about my work/research in PGP
integration but I have done quite a bit in this area.
As I have.
Now as far as UserID's outside of e-mail use there are a multitude of
uses. Internet E-Mail is only one form of message/data exchange. There are
numerious propriatory E-Mail formats out there that do not use standard
INet e-mail addresses that still can use PGP to encrypt the messages.
Some things I can think of:
Or to hold a random conventional key for disk or file encryption.
A CA style PGP cert - one I just use for signing other keys.
Or things simply for signing such as timestamps - I don't need to email
back, but I do need to verify the signature of a timestamp.
In general, once you have written any key handlers, it is easier to use
those style keys than rolling a new certificate format. X509 is an
exception because it is very complex and limited.
So now that I can generate and pull DSS and DH keys to/from PGP keyrings
(I already had RSA style working), I am going to use those same routines,
and even some of the conventional stuff is easier to use via my PGPlib API
than another rewrite.
So there will be many different key types out there.