-----BEGIN PGP SIGNED MESSAGE-----
The PGP public-key is the principal. The principal is used to
"distinguish" all manipulations, such as signing and database
maintenance. A "hash" of the principal (really just the lower bits) can
also be used for database lookup.

The PGP principal signs a "tag" called the username (or just PGP user).
This tag is not really used to any degree, except for human recognition
and database lookup.

I think this is a great way to look at it. Using the public key, its
hash or fingerprint as *the* DN allows all sorts of important
functionality like authorisations. E-mail is probably the most
widespread use of PGP at the moment, but can be considered separately.

E-mail users in effect can state to the world (via keyservers) that
their public key 'speaks' for a certain address (to use SPKI lingo). So,
if a key is to be used for e-mail, it must contain such a 'tag' with an
e-mail address. If not, no problem.

With this approach, the distributed keyserver problem becomes simpler.
E-mail messages in RFC822 format should contain a From: field; users
should simply ensure that the address in this field is included as a
'tag' on their public key. Or you could use a solution like PGP5 and
include an X header that specifies exactly how the key can be looked up.
Other protocols/message exchange systems can be considered separately.
Ian >:)
-----BEGIN PGP SIGNATURE-----
Version: Cryptix 2.21
iQCVAgUANCeY3ppi0bQULdFRAQF3/QP/RXaQXrtR93KGn0o03hfR7o3kKYQVhUBMOTldFNymtYlZ
kDRsCBZEFtc6m1Gxz9p5O8ufqR1m3NqZW9jX24gwlvoogG8fRsEvTJfKV4bJfw1kkKMvjlRECeNX
Am22UnM3KxcnkJ3zXjQ8UolVtZfNRvF9IOMDacIYHk1KO07trBo=
=765r
-----END PGP SIGNATURE-----
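The lookup model sketched in the message (public key as principal, the low bits of its hash as the database key, user-ID tags carrying an e-mail address, and a From: field resolved against those tags) as an added worked example. This code is not part of the original message or of any PGP implementation; it assumes the OpenPGP v4 fingerprint scheme later standardised in RFC 4880 (SHA-1 over 0x99, a two-octet length, and the key packet body, with the key ID being the low 64 bits), and the key material, names and addresses it indexes are constructed placeholders, not real packets or people.

```python
import hashlib
from email.utils import parseaddr


def v4_fingerprint(key_packet_body: bytes) -> bytes:
    """OpenPGP v4 fingerprint (RFC 4880 section 12.2): SHA-1 over the
    octet 0x99, a two-octet big-endian length, and the public-key
    packet body.  This hash is the stable name of the principal."""
    prefix = b"\x99" + len(key_packet_body).to_bytes(2, "big")
    return hashlib.sha1(prefix + key_packet_body).digest()


def key_id(fingerprint: bytes) -> bytes:
    """The 'lower bits' used for database lookup: the low 64 bits of
    the v4 fingerprint, i.e. the long key ID."""
    return fingerprint[-8:]


def from_value(header: str) -> str:
    """Strip an optional 'From:' field name so only the address part is
    handed to the RFC 822 address parser."""
    stripped = header.strip()
    if stripped[:5].lower() == "from:":
        stripped = stripped[5:].strip()
    return stripped


class KeyStore:
    """Minimal keyserver index: records reachable by key ID and by the
    e-mail address carried in each user-ID 'tag'."""

    def __init__(self):
        self.by_keyid = {}   # 8-byte key ID -> record
        self.by_email = {}   # lowercased address -> list of records

    def add(self, key_packet_body: bytes, user_ids):
        fp = v4_fingerprint(key_packet_body)
        rec = {"fingerprint": fp, "key_id": key_id(fp), "user_ids": list(user_ids)}
        self.by_keyid[rec["key_id"]] = rec
        for uid in user_ids:
            _, addr = parseaddr(uid)
            if addr:  # a tag without an address is fine; it just is not indexed by mail
                self.by_email.setdefault(addr.lower(), []).append(rec)
        return rec

    def lookup_by_keyid(self, kid: bytes):
        return self.by_keyid.get(kid)

    def lookup_by_from(self, from_header: str):
        """Resolve a From: field to the keys whose tags name that address."""
        _, addr = parseaddr(from_value(from_header))
        return self.by_email.get(addr.lower(), []) if addr else []


def key_speaks_for(rec, address: str) -> bool:
    """True only if the address appears as a user-ID tag on the key; a
    key without such a tag does not 'speak' for the address."""
    wanted = address.lower()
    return any(parseaddr(uid)[1].lower() == wanted for uid in rec["user_ids"])


# Constructed sample data (not real key packets, keys or people).
ALICE_KEY_BODY = b"\x04" + b"constructed-public-key-material-alice"
BOB_KEY_BODY = b"\x04" + b"constructed-public-key-material-bob"

STORE = KeyStore()
ALICE = STORE.add(ALICE_KEY_BODY, ["Alice Example <alice@example.org>"])
BOB = STORE.add(BOB_KEY_BODY, ["Bob Example <bob@example.org>"])


def resolve_sender(from_header: str):
    """The pipeline from the message: From: address -> tag lookup ->
    confirm each returned key actually carries that tag."""
    _, addr = parseaddr(from_value(from_header))
    if not addr:
        return []
    return [rec for rec in STORE.lookup_by_from(from_header)
            if key_speaks_for(rec, addr)]


if __name__ == "__main__":
    for rec in resolve_sender("From: Alice Example <alice@example.org>"):
        print("key id", rec["key_id"].hex(), "speaks for alice@example.org")
    print("unknown sender ->", resolve_sender("From: mallory@example.org"))
```

The store keeps two indexes because the message describes two lookups: by the hash of the principal (exact, collision-resistant at 64 bits for practical purposes, and the one a signature verifier uses) and by the human-readable tag (convenient, but only trustworthy after confirming the tag really is on the key, which `key_speaks_for` does).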