-----BEGIN PGP SIGNED MESSAGE-----
In
<3(_dot_)0(_dot_)3(_dot_)32(_dot_)19970916133305(_dot_)006e0184(_at_)204(_dot_)96(_dot_)36(_dot_)2>,
on 09/16/97
at 12:33 PM, Rodney Thayer <rodney(_at_)sabletech(_dot_)com> said:
In the real world is the email address optional? What do people want?
In PGP5 the email address is effectively mandatory, if you want to use
the key for Eudora, for example.
I'm asking what people THINK it should do not what people think of the
PGP5 UI.
E-Mail address is most definatly not manditory in the real world. It is
not even maditory for an e-mail program. :)
I don't know if I have posted to this list about my work/research in PGP
integration but I have done quite a bit in this area.
In any effective e-mail integration some type of list will be needed where
keys are crossreferenced with e-mail addresses. This is not needed for all
keys, only a minority of keys used. This list is used to handle the
following issues:
-- Duplicate keys: This is where one will have multiple keys that contain
the same e-mail address in the userID fields. In such a case a default key
must be selected for use.
-- No keys: This is where no key can be found to match the e-mail address
in the To:, CC: or Bcc: fields of the message. Several subtopics need to
be addressed here:
-- No key: The owner of this e-mail address has no key. This covers
persons who are not using PGP and/or mailing list or other group postings
where encryption is not practical.
-- Address Change: The owner of this e-mail address has a key (or
multiple keys) but his current address is not in his userID fields
(primary or aka).
-- No Encryption: The owner of this e-mail address has a key that
matches the e-mail address but for whatever reason the user does not want
to encrypt mail to that address.( ie the recipiant has 2 userID's on his
key; one is his personal e-mail address and the other is his work e-mail
address. Due to company policy he is not allowed encrypted mail at work.)
This are some of the most common senarios that I have encountered I am
sure there are others you can come up with.
Now as far as UserID's outside of e-mail use there are a multitude of
uses. Internet E-Mail is only one form of message/data exchange. There are
numerious propriatory E-Mail formats out there that do not use standard
INet e-mail addresses that still can use PGP to encrypt the messages.
I am currently working on an Encrypted IRC private chat channel that uses
PGP keys for the session key exchange.
SSH is another program that could/should be modified to make use of PGP
keys for the session key exchange.
If you take a look at the PGP Keyserver you will se quite a few UserID's
that show FIDO addresses (Yes folks FIDO is alive and well thankyou <g>).
Nom de plume's are quite popular in conjuntion with anonymous remailers.
People still like to have an "identity" even when being "anonymous". As
governments world wide step up their efforts to crack down on the use of
encryption (and free speech in general) expect to see a dramtic increase
of this.
Basically anything required the exchange of encrypted data can take
advantage of the use of PGP keys with or without the use of e-mail
addresses. IMHO they are far from manditory in the UserID field. :)
- --
- ---------------------------------------------------------------
William H. Geiger III http://www.amaranth.com/~whgiii
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://www.amaranth.com/~whgiii/pgpmr2.html
- ---------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000
iQCVAwUBNB7FLI9Co1n+aLhhAQEy/gP9FUX/3CAG393PAk24MaXUW+QDlw+LOZmk
wY5gui8JtvsLxuWR5gotaNOTqn7iY+NksobjdcZBqnNuaqIMUc4yzjvgsLGHVYkf
Bk6631NiHqEkQe7K5VMgR1ts7UusNxoPwYGdjBobFL+qbxzPEzbyPA5gyPirPZXP
8W2jZ1pj6SI=
=GjXn
-----END PGP SIGNATURE-----