ietf-openpgp
[Top] [All Lists]

Re: [openpgp] Overhauling User IDs / Standardizing User Attributes

2018-06-30 07:35:11
On 06/29/2018 09:55 PM, Wiktor Kwapisiewicz wrote:
Well, User IDs are not easier to work with than User Attributes.

Leo by "are not easier to work with" did you mean "User Attributes
*could be* as easy to work with as UIDs" if you proposal was accepted
*and* supported by most OpenPGP software?

I should have said “User IDs are not easier to work with than specified
User Attributes”, indeed. The fact that the only specified User
Attribute is a picture User Attribute, that has little use, is something
that contributes to the bad reputation of User Attributes.

But User IDs are (binary representation aside) exactly like a User
Attribute with type -1 that would be defined as “any UTF-8 string that
more or less represents the user”. Once reworded this way, would you
still oppose the addition of more well-defined attributes? (NB: this
would be for v5 keys, so software would have to be updated anyway, and
adding a basic representation for a few UTF-8 User Attributes doesn't
sound like the biggest change in the game -- though if User IDs were
removed too, as I'd love, then this may be the biggest change, at least
for the UI side)

All I'm saying is: we should not be wary of defining User Attributes.
It's a woefully underused part of the standard, and the fact it's so
underused (and specified for a single almost-useless purpose) makes
people fear using them.

I think the difference is quite significant (by what is working now vs
hypothetical future).

If you mean they are easy to work with now do tell me what's that
attribute for that I've got on my key
(0x653909A2F0E37C106F5FAF546C8857E0D8E8F074):

  uid  [ultimate] Wiktor Kwapisiewicz <wiktor(_at_)metacode(_dot_)biz>
  uid  [ultimate] [unknown attribute of size 83]

I had a lot of questions about this attribute from other people, so it's
not like attributes are currently "easy to work with" in my opinion.

Well, using unspecified User Attributes will get you a lot of questions
indeed. But if you started putting packets with unspecified tags on your
key you likely would break a number of tools too, that doesn't mean
packets aren't easy to work with :)

BTW, it appears to contain

openpgpid+cookie:@https://gist.github.com/wiktor-k/389d589dd19250e1f9a42bc3d5d40c16
This is a typical example of something that would deserve a *specified*
User Attribute, like
    github=wiktor-k (with type “free-form tag=value” and notation
“automated-verification-gist=389d589dd19250e1f9a42bc3d5d40c16”)

Which would display neatly on platforms that support the very simple
type=“free-form tag=value” User Attribute I'm proposing (it's UTF-8),
and be quite easy-to-understand to the end-user seeing this if there is
no support in their software for the specific “github” tag (at least
more than the openpgpid+cookie URL).

Actually the “free-form tag=value” is really the most important type of
User Attribute I'm putting forward: it is a building block that is
enough for almost all other purposes, but that cannot be replicated
using only what we currently have without awful hacks (eg. storing
type=value directly in the User ID field, which is the “least bad”
option with RFC4880 as it is currently defined).

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp

<Prev in Thread] Current Thread [Next in Thread>