RFC 4880 says:
5.2.3.22. Signer's User ID
(String)
This subpacket allows a keyholder to state which User ID is
responsible for the signing. Many keyholders use a single key for
different purposes, such as business communications as well as
personal communications. This subpacket allows such a keyholder to
state which of their roles is making a signature.
This subpacket is not appropriate to use to refer to a User Attribute
packet.
In GnuPG, we use the user id's email address. Thus, if a key has the
user id "Neal H. Walfield" <neal(_at_)walfield(_dot_)org>, and the user runs:
echo data to sign | gpg --default-key neal(_at_)walfield(_dot_)org -s
or
echo data to sign | gpg --default-key 'Neal H. Walfield' -s
Then, in both cases we include this subpacket in the signature packet
with the string "neal(_at_)walfield(_dot_)org".
Note: we use data for locating the key via DANE or WKS as well as in
our TOFU implementation to identify the intended binding.
Since, IMO, the spec is unclear about the contents of this field and
Werner pointed out that another implementation could reasonably use
the hash of the user id here, I think it makes sense to clarify
exactly what is expected to increase interoperability. My proposal to
standardize GnuPG's behavior is:
5.2.3.22. Signer's User ID
(String)
This subpacket allows a keyholder to state which User ID is
responsible for the signing. Many keyholders use a single key for
different purposes, such as business communications as well as
personal communications. This subpacket allows such a keyholder to
* state which of their roles is making a signature. The value of
* this subpacket is a byte-for-byte copy of the RFC 2822 mail name-addr
* portion of the User ID.
This subpacket is not appropriate to use to refer to a User Attribute
packet.
Thanks,
:) Neal
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp