
Re: [openpgp] Overhauling User IDs / Standardizing User Attributes (was: Re: Scoped trust (signatures))

2018-06-29 07:22:55
On 06/29/2018 09:38 AM, Jon Callas wrote:
The main point of this is to make eg. automated signature of email
addresses possible without impacting user interface by requiring an
email address in a separate User ID.

Also, I don't think it would reduce the freedom currently offered by
User IDs, because there would always be the free form tag=value User
Attribute for marginal cases. But it would incite people to put the
right value into the right field, and would likely make life easier for
both automated and non-automated signers.

Is what I'm thinking of more clear now? :)


You could do this with User IDs. They are, after all, generic and you could 
throw XML, JSON, or whatever else you wanted. It would be ugly (because most 
software presumes that it’s human-readable and human-useful), but it would 

Or you could do it with User Attribute Packets that are explicitly designed 
for this sort of thing. There’s only one type of attribute defined now, a 
photo. Section 5.12 defines them, notes that, also says that software SHOULD 
ignore types that it doesn’t recognize, and beyond that notes that (as usual) 
types of 100-110 are for private or experimental types. 

Indeed, that's exactly what I was hoping for, sorry for forgetting to
put in my summary that it'd be in User Attribute packets that I'd put
the relevant data :)

However, I was thinking of something a bit more extreme for the switch:
completely forbidding the User ID packet type in v5 keys, so that
software written for it could just assume it's in the “split” format.
That said, that's maybe a bit too extreme indeed.

I suggest this because there is an established framework for you to 
experiment and show the usefulness of what you’re doing. Make your own 
packet, number it 110, and go ahead. Or, write up an RFC draft, propose in it 
that you use 2 as the type, and get rough consensus and running code to do it 
for you.

Well that's likely best, but given I don't think I'll have time to
become a developer of OpenPGP software for at least a few months, I was
hoping to get positive feedback on the idea from at least one developer,
who'd be willing to try and implement such a draft were I to write it,
before spending too much time on writing the said draft :) but it sounds
like I'm having little luck for the time being.
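
As an added illustration (not part of the original message, and not code from any OpenPGP implementation): a minimal parser for the User Attribute subpacket layout of RFC 4880 section 5.12 that skips types it does not recognize and reads tag=value data from experimental type 110. The tag=value encoding, the function names and the sample bytes are assumptions constructed for this example.

```python
import struct

TAG_VALUE_TYPE = 110  # assumption: experimental type carrying "tag=value" text

def _read_length(buf, pos):
    """Decode a subpacket length (1, 2 or 5 octets); return (length, next_pos)."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < 255:
        if pos + 2 > len(buf):
            raise ValueError("truncated length")
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    if pos + 5 > len(buf):
        raise ValueError("truncated length")
    return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5

def parse_user_attribute(body):
    """Split a User Attribute packet body into (type, data) subpackets."""
    out, pos = [], 0
    while pos < len(body):
        length, pos = _read_length(body, pos)
        # The length counts the type octet, so 0 is malformed.
        if length < 1 or pos + length > len(body):
            raise ValueError("bad subpacket length")
        out.append((body[pos], body[pos + 1:pos + length]))
        pos += length
    return out

def extract_fields(body):
    """Return tag=value pairs from type-110 subpackets; skip other types."""
    fields = {}
    for stype, data in parse_user_attribute(body):
        if stype == TAG_VALUE_TYPE:
            tag, sep, value = data.decode("utf-8").partition("=")
            if sep:
                fields[tag] = value
        # Image (type 1) and unrecognized types are ignored, not errors.
    return fields

def _sub(stype, data):
    """Encode one subpacket (constructed test data; one-octet lengths only)."""
    assert len(data) + 1 < 192
    return bytes([len(data) + 1, stype]) + data

# Constructed sample: an image stub, an unknown type 42, two type-110 fields.
SAMPLE = (_sub(1, b"\x10\x00\x01\x01") + _sub(42, b"future") +
          _sub(110, b"email=alice@example.org") + _sub(110, b"name=Alice Example"))
```

An automated certifier built on this would read `extract_fields(SAMPLE)["email"]` directly instead of parsing an address out of a free-form User ID string.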
