Just to reply to my own point - I think that one thing that bothers me is that it's perfectly valid for two public keys to have the same fingerprint. The only thing it screws up is the unique index in a database that has nothing directly to do with PGP itself. There's no immediate requirement for one or other person using the keys to change.
Whereas if two people get accidentally allocated the same e-mail address, then that actually buggers up mail delivery on the Internet a bit. E-mail delivery for one or both people will, in principle, be broken until one or other of them gives up the e-mail address.
I don't like the idea of creating a system that by implication invalidates something that would have been valid before (two keys with identical fingerprints). I'd far rather base it around something that's aleady invalid (fingerprint and e-mail pairs that are identical).
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
timeasmymeasure
Re: "PKI needs more than a name"
Date: 2002-06-11 06:50 am (UTC)Whereas if two people get accidentally allocated the same e-mail address, then that actually buggers up mail delivery on the Internet a bit. E-mail delivery for one or both people will, in principle, be broken until one or other of them gives up the e-mail address.
I don't like the idea of creating a system that by implication invalidates something that would have been valid before (two keys with identical fingerprints). I'd far rather base it around something that's aleady invalid (fingerprint and e-mail pairs that are identical).
Did that make any sort of sense?