[Top] [All Lists]

Re: [openpgp] Overhauling User IDs / Standardizing User Attributes (was: Re: Scoped trust (signatures))

2018-06-28 04:35:47
On 06/28/2018 03:44 AM, Jon Callas wrote:
Forgive me, Leo, but I don’t understand what problem you’re trying to solve, 
but I’m going to say that’s my fault. Nonetheless, could you reiterate for 
those of us who weren’t paying proper attention before?

No problem!

UserIDs are intentionally a huge hand wave. It’s an arbitrary UTF-8 field. 
Put whatever you want into it. Yes, by convention it’s an email address, but 
even at the time that that was common it was convention only. When I was with 
PGP Corporation, we made software signing keys that merely said they were 
software signing keys, as well as other keys that had no email address, but a 
text description of what they were.

Well, the idea is that User IDs are a huge hand wave indeed, and that
seems to make exploiting this hard, esp. around signature, as that most
often means (in my experience) that I can't sign an email address
without signing a name and reciprocally.

So I think splitting the User IDs into orthogonal fields would make
signing these fields (as well as setting trust signatures with
constraints) much easier.

Currently, the fields I am thinking of would be defined as User
Attributes, and would be:
 * name (for the real-world name of the owner)
 * email
 * role (would fit the software signing key case, or role of the owner
of a key inside an organization)
 * pseudonym (not really sure this one would be really useful, but this
would allow people's signing policy for pseudonyms to differ from the
signing policy for names, eg. noticing persistent use of the same
pseudonym vs. checking government-issued ID, without misleading
verifiers into thinking that the pseudonym was actually a
government-validated name)
 * free form tag=value (for eg. xmpp=foo(_at_)example(_dot_)org, github=bar, 

Not all of these fields would need to be filled-in, obviously, and a key
could have any number of each.

The main point of this is to make eg. automated signature of email
addresses possible without impacting user interface by requiring an
email address in a separate User ID.

Also, I don't think it would reduce the freedom currently offered by
User IDs, because there would always be the free form tag=value User
Attribute for marginal cases. But it would incite people to put the
right value into the right field, and would likely make life easier for
both automated and non-automated signers.

Is what I'm thinking of more clear now? :)

There’s no reason you can’t put whatever you want in some other
sub-packet or what.

The problem with putting it in another sub-packet is that it can't
replace User IDs, and User IDs will thus always be the thing that is
used for signature and verification. And this would mean there would be
no point in this change.

openpgp mailing list

<Prev in Thread] Current Thread [Next in Thread>