ietf-openpgp

Principles and Principals

1997-09-16 10:38:35
In the real world is the email address optional?  What do people want?  In
PGP5 the email address is effectively mandatory, if you want to use the key
for Eudora, for example.

I'm asking what people THINK it should do, not what people think of the PGP5
UI.

Date: Tue, 16 Sep 97 16:35:38 GMT
From: "William Allen Simpson" <wsimpson(_at_)greendragon(_dot_)com>
To: ietf-open-pgp(_at_)imc(_dot_)org
Subject: Principles and Principals
Sender: owner-ietf-open-pgp(_at_)imc(_dot_)org

What PGP currently does is more akin to SPKI Principals than X.509
Distinguished Names.

The PGP public-key is the principal.  The principal is used to
"distinguish" all manipulations, such as signing and database
maintenance.  A "hash" of the principal (really just the lower bits) can
also be used for database lookup.

The PGP principal signs a "tag" called the username (or just PGP user).
This tag is not really used to any degree, except for human recognition
and database lookup.

The optional email address part of the username tag is akin to the
optional SPKI <location> or <uri> modifier for finding a principal
subject or issuer.

All fits rather nicely, actually....  no matter what Ellison says.

Forget X.509.  No good equivalents in PGP.

WSimpson(_at_)UMich(_dot_)edu
   Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
BSimpson(_at_)MorningStar(_dot_)com
   Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2
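
Added example (not part of the original messages): a keyring sketch of the model described above, where the full public key is the principal, the key ID is only a lookup handle, and the email part of the username tag is optional. It assumes the PGP 2.x RSA convention that the key ID is the low 64 bits of the modulus; the `Keyring` class, helper names, and sample values are hypothetical and constructed for illustration.

```python
import re

# Assumption: PGP 2.x (v3) RSA keys, where the key ID is the low 64 bits of n.
KEY_ID_MASK = (1 << 64) - 1


def key_id(modulus):
    """Lookup handle for a v3 RSA key: the low 64 bits of n, as 16 hex digits."""
    return format(modulus & KEY_ID_MASK, "016X")


def split_username(tag):
    """Split a username tag into (name, email); the <email> part is optional."""
    m = re.fullmatch(r"\s*(.*?)\s*(?:<([^<>]+)>)?\s*", tag, flags=re.DOTALL)
    return m.group(1), m.group(2)


class Keyring:
    """Index by key ID, but treat the full public key (n, e) as the principal."""

    def __init__(self):
        self._by_id = {}  # key ID -> {(n, e): [username tags]}

    def add(self, n, e, tag):
        self._by_id.setdefault(key_id(n), {}).setdefault((n, e), []).append(tag)

    def candidates(self, kid):
        """Every principal filed under this key ID; more than one is possible."""
        return sorted(self._by_id.get(kid.upper(), {}))

    def tags_for(self, n, e):
        """Tags bound to exactly this principal, ignoring key-ID lookalikes."""
        return list(self._by_id.get(key_id(n), {}).get((n, e), []))


# Constructed sample values: small integers standing in for RSA moduli.
LOW = 0x0123456789ABCDEF
N1 = (0xA1 << 64) | LOW
N2 = (0xB2 << 64) | LOW  # a different key that shares the same low 64 bits

ring = Keyring()
ring.add(N1, 65537, "Alice Example <alice@example.org>")
ring.add(N1, 65537, "Alice Example")  # same principal, tag without an email
ring.add(N2, 65537, "Bob Example <bob@example.org>")

if __name__ == "__main__":
    kid = key_id(N1)
    print(kid, "->", len(ring.candidates(kid)), "principals")
    print(ring.tags_for(N1, 65537))
```

A key-ID lookup returns candidates only; a signature check or trust decision should compare the full key, since the tags carry no weight until the principal has signed them.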