Marco Baringer writes:

> Anthony Ventimiglia <anthony@ventimiglia.org> writes:
>
>>> - You'll need to specify the user id. The user id can not change (it is in fact encoded in the key) and should represent who (and in what role) uses this key. As an example I have two keys, one is for me personally and has my name and my regular email address, another was created for the purpose of being a common-lisp.net developer, and has my name but uses the mbaringer@common-lisp.net email address.
>>
>> That's not right. You can associate multiple IDs with a single key, there is no need to generate separate keys for different email addresses.
>
> That's not quite what I meant. What I believe is that you should have one key for each "role" you act in: work, personal/family, open source developer, porn star, etc.
>
> If stuff is signed with my work key that means one thing (mainly that I take "business" responsibility for what I'm saying), while stuff I'll sign with the mbaringer@common-lisp.net key is going to be for a very different public. But hey, that's just the way I see it.

Well, the way you worded it made it seem like the UID could not change. If we're planning on writing a text for folks who don't really know gpg/pgp, we have to keep that in mind.

I understand your point, but I don't agree with it. If I trust you personally, I should trust you in your role at work, porn or whatever. Having multiple keys to me seems like it would lead to a hassle in key management, and ultimately take away from the whole idea of the "Web of trust" we are aiming for. In practice, I don't think many people do it that way.

Take Debian's model for example: in order to get onto the Debian Keyring, you need to physically meet with another Debian developer, show some form of ID and exchange public keys (this may not be the only way, I've been out of the Debian loop for a while). Now let's say the two of us meet, prove our identities to each other and exchange public keys for our common-lisp.net addresses. Now if we both have one key, I can be confident of who you are no matter what role you sign something in, be it work, personal or porn star fluffer.
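The point about attaching more than one ID to a single key, as an added example that is not part of this thread: the script below, written for GnuPG 2.1 or later, generates a key in a throwaway keyring, adds a second user ID with `--quick-add-uid`, and then lists the user IDs and the key fingerprint. The two identities are constructed sample values. A user ID is a separate self-signed packet, not part of the key material, so adding one leaves the fingerprint exactly as it was; that is the property a reader checking a correspondent's key should rely on.

```shell
#!/bin/sh
# Added example, not code from the thread. Requires GnuPG 2.1+ for
# --quick-gen-key / --quick-add-uid. Everything happens in a temporary
# GNUPGHOME, so the user's real keyring is never touched.
set -e

command -v gpg >/dev/null 2>&1 || { echo "gpg not found" >&2; exit 1; }

GNUPGHOME="$(mktemp -d)"
export GNUPGHOME
chmod 700 "$GNUPGHOME"
# Stop the agent started for this keyring and remove the directory on exit.
trap 'gpgconf --kill all >/dev/null 2>&1; rm -rf "$GNUPGHOME"' EXIT

# Constructed sample identities (assumptions for the demo, not real people).
PRIMARY_UID="Example Person <person@example.org>"
SECOND_UID="Example Person <person@developer.example.net>"

# Generate a key with the first user ID. The empty passphrase is for the
# demo only; a real key should be protected.
gpg --batch --pinentry-mode loopback --passphrase '' \
    --quick-gen-key "$PRIMARY_UID" default default 0 >/dev/null 2>&1

# Attach a second user ID to the same key, selected by its first user ID.
gpg --batch --pinentry-mode loopback --passphrase '' \
    --quick-add-uid "$PRIMARY_UID" "$SECOND_UID" >/dev/null 2>&1

# count_uids prints how many user IDs the key now carries (expected: 2).
count_uids() {
    gpg --with-colons --list-keys "$PRIMARY_UID" 2>/dev/null | grep -c '^uid:'
}

# fingerprint prints the primary key fingerprint; it is unchanged by
# adding or revoking user IDs.
fingerprint() {
    gpg --with-colons --list-keys "$PRIMARY_UID" 2>/dev/null \
        | awk -F: '$1 == "fpr" { print $10; exit }'
}

echo "user IDs on key: $(count_uids)"
echo "fingerprint:     $(fingerprint)"
gpg --list-keys "$PRIMARY_UID" 2>/dev/null
```

The `--with-colons` output is the stable, machine-readable listing; counting `uid:` records from it is the quickest way to confirm which identities a key actually carries before deciding to sign it.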