Follow

folks:

What's your idea on the name field? What if I use a pseudonym and let it be known that that's me?

Other than discoverability and ease of identification, is there any purpose?

@celia Main goal of the name is obviously identification. As long as you can be identified (which can be as your pseudonym), that's totally fine.

This could be done with social proofs, such as @keyoxide uses.

However, the original idea is that you use your passport or id card and identify yourself on key signing partys to create a web of trust. But this idea is dragging itself to death.

Nowadays verification is way easier/better using email addresses like keys.openpgp.org does or WKD.

@sheogorath Very interesting, thank you! I wonder the same about the email field too - if you have any thoughts on it at all?

@celia Same thing. The e-mail field is there to identify an email address of yours.

It is quite important when using WKD or keys.openpgp.org, however, but you might just publish a key as form of a armoured key.txt on your website, which can contain any email address.

The main use-case of the email field is as a selector, for example by your email client, to find the right key for the people who want to send a mail to.

@celia Some further info on key discovery, which might explains some remaining open questions:

shivering-isles.com/Lets-disco

If you’re okay with publishing your name and e-mail address there is no reason not to use it :) I see you’re using git so in a way you already do that (e.g. if someone clones the repo https://git.rusingh.com/hirusi/eleventy-plugin-safe-external-links and does git show it’s there).

Using a pseudonym is also OK and there are quite a few keys that use them but in general then people use that pseudonym everywhere (including Mastodon, git, etc).

The original design with Name + Email was that people verified IDs (government) and vouched for the User IDs (Name + Email) that they think are valid. The e-mail verification was also used. So some people may not want to sign the pseudonymous User ID but they'd sign one containing your real name.

But this was mostly in the past and you can safely ignore it if you want.

Hope that helps! 👋

@celia When someone signs your key, they certify that it belongs to someone who is known under this name and nothing else. Without the name, there would be no purpose in signing each other keys and building the web of trust.

Sign in to participate in the conversation
Fosstodon

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.