On Tue, Jul 29, 2014 at 01:02:00PM +0200, Max Mehl wrote:
# Bernhard Reiter bernhard@intevation.de [29.07.2014 @ 12:03]:
On Saturday 26 July 2014 at 14:02:45, John Darrington wrote:
I have never heard the word "certificate" used to refer to a PGP key.
Having two terms for the same thing is bringing more confusion than understanding. A key itself is useless without the extra data, including the signatures. The whole difficulty is in the "certification" part. Your arguments come from the perspective of the tiny subset of crypto aware computer users, that know more details, too many details as are necessary of usage.
You may be right with your definition and its implications if we use two terms for the technically same thing -- I'm not able to judge in this discussion.
But if we use the term "certificate" in the leaflets, I'm sure that novice users will be confused during the setup of their GnuPG infrastructure. For example Enigmail (a tool which many beginners will use) only uses the term "keys" and emailselfdefense (to which we refer for installation guidelines) as well.
I'll have to agree with Max here. Basically every single howto for GnuPG and other crypto tools that I've seen so far talks about "keys" rather than "certificates".
Since the flyers are aimed at people with no great technical expertise in the area, we probably want to use terms that enable them to find additional help in the (very likely) case they need it.
Best regards, Karsten