At 3:32 PM +0200 8/5/01, Ingo Luetkebohle wrote:
I would like to suggest an RFC or other document about best current
practices regarding User-ID's.
In that, a thorough re-evaluation of the current situation should be
done, possibly based upon previous works, if there are any (I'm not
aware of that, if anyone is, I'd be happy about a pointer).
The reason for all this is that I see several problems with the way
User-ID's are used on OpenPGP implementations right now. Immediately
obvious is the spam problem because User-ID's contain e-mail addresses
and people are encouraged to upload their keys to keyservers, which
are searchable by all but also the uniqueness problem (people have
multiple addresses and I'm not of the opinion that listing them all is
the solution) and the problem of anonymity.
What does the working group think? Are the abovementioned problems
irrelevant in your opinion or, if not, would you agree that a document
about User-ID's would be a good start at solving them?
Looking forward to your input!
I don't know about irrelevant -- but I don't know what do do about them. If
user ids didn't have email addresses on them (which they don't have to), it
would be hard to find the right key when you want to encrypt mail to
What do you think the solution is?