ietf-openpgp

Re: Signer's User ID

2005-07-21 04:55:03

On Thu, Jul 21, 2005 at 10:32:50AM +0200, Jeroen Massar wrote:
> On Thu, 2005-07-21 at 07:39 +0200, Werner Koch wrote:
> > Hello!
> >
> > I'd like to have a clarification of the signature subpacket
> >
> >   5.2.3.22. Signer's User ID
> >
> > <SNIP>
> >
> > OTOH, for applications it makes more sense to have just the vanilla
> > mail address (mailbox(_at_)domain) here.  This would make it easier to
> > compare a mail's From address to the actual signature.
>
> As I actually never really took time to read the full spec, I didn't
> come across this before, but this is indeed ideal for making keys
> distributed in nature.
>
> "Solution" for making it distributed would be:
> http://www.imc.org/ietf-openpgp/mail-archive/msg11035.html

That message suggests adding the signer's name to signatures in some
manner, and then using that to hint to the keyserver which key to
fetch when verifying a signature.  It seems a fairly roundabout way to
get a key.

Why not just do this directly?  We already have a keyserver subpacket
(24), which is an URL, so it can even point to a web page.  If a
signer wants to give "how to get my key" information in their
signature, just point to it directly.

> Question to Werner: does gnupg support the above item, if not can we add
> it, and secondly could we have gnupg then derive the keyserver from it
> as I noted before? (read: want a patch?)

GnuPG already supports what I said above.  And if you set
auto-key-retrieve, it'll even fetch the key for you automatically when
it sees a signature with such information.

David
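
The two subpackets discussed in this thread, as an added example that is not part of the original message and is not GnuPG's code: it walks a signature subpacket area using the OpenPGP subpacket length encoding, extracts the preferred key server (24) and Signer's User ID (28) hints, and checks the URL scheme before any automatic fetch. The scheme allowlist, the function names and the sample bytes are assumptions of this example.

```python
from urllib.parse import urlparse

PREFERRED_KEY_SERVER = 24   # the "keyserver subpacket (24)" from the message
SIGNERS_USER_ID = 28        # Signer's User ID subpacket
ALLOWED_SCHEMES = {"hkps", "https"}  # assumption: local policy, not from the spec


def parse_subpackets(area: bytes):
    """Yield (type, critical, body) for each subpacket in the area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                 # five-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("subpacket overruns its area")
        type_octet = area[i]                  # high bit is the critical flag
        yield type_octet & 0x7F, bool(type_octet & 0x80), area[i + 1:i + length]
        i += length


def key_hints(area: bytes) -> dict:
    """Collect the key-location hints and say whether the URL passes policy."""
    hints = {"keyserver": None, "signer_uid": None, "fetch_allowed": False}
    for sp_type, _critical, body in parse_subpackets(area):
        if sp_type == PREFERRED_KEY_SERVER:
            hints["keyserver"] = body.decode("utf-8", "replace")
        elif sp_type == SIGNERS_USER_ID:
            hints["signer_uid"] = body.decode("utf-8", "replace")
    if hints["keyserver"]:
        scheme = urlparse(hints["keyserver"]).scheme.lower()
        hints["fetch_allowed"] = scheme in ALLOWED_SCHEMES
    return hints


def subpacket(sp_type: int, body: bytes) -> bytes:
    """Build a constructed sample subpacket (bodies under 191 octets only)."""
    return bytes([len(body) + 1, sp_type]) + body

# Constructed sample input, not taken from a real signature.
SAMPLE = subpacket(28, b"mailbox@example.org") + subpacket(24, b"hkps://keys.example.org")
```

Only subpackets in the hashed area are covered by the signature, so a key-location hint read from the unhashed area can have been altered after signing.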

