Re: Signer's User ID

David Shaw <dshaw@jabberwocky.com> Thu, 21 July 2005 12:07 UTC

Date: Thu, 21 Jul 2005 07:54:51 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: ietf-openpgp@imc.org
Subject: Re: Signer's User ID
Message-ID: <20050721115451.GD6846@jabberwocky.com>
Mail-Followup-To: ietf-openpgp@imc.org
References: <87u0iok99n.fsf@wheatstone.g10code.de> <1121934770.13664.167.camel@firenze.zurich.ibm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1121934770.13664.167.camel@firenze.zurich.ibm.com>
OpenPGP: id=99242560; url=http://www.jabberwocky.com/david/keys.asc
User-Agent: Mutt/1.5.8i
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Thu, Jul 21, 2005 at 10:32:50AM +0200, Jeroen Massar wrote:
> On Thu, 2005-07-21 at 07:39 +0200, Werner Koch wrote:
> > Hello!
> > 
> > I'd like to have a clarification of the signature subpacket
> > 
> >   5.2.3.22. Signer's User ID
> 
> <SNIP>
> 
> > OTOH, for applications it makes more sense to have just the vanilla
> > mail address (mailbox@domain) here.  This would make it easier to
> > compare a mail's From address to the actual signature.
> 
> As I actually never really took time to read the full spec, I didn't
> come across this before, but this is indeed ideal for making keys
> distributed in nature.
> 
> "Solution" for making it distributed would be:
> http://www.imc.org/ietf-openpgp/mail-archive/msg11035.html

That message suggests adding the signer's name to signatures in some
manner, and then using that to hint to the keyserver which key to
fetch when verifying a signature.  It seems a fairly roundabout way to
get a key.

Why not just do this directly?  We already have a keyserver subpacket
(24), which is a URL, so it can even point to a web page.  If a
signer wants to give "how to get my key" information in their
signature, just point to it directly.

> Question to Werner: does gnupg support the above item, if not can we add
> it, and secondly could we have gnupg then derive the keyserver from it
> as I noted before? (read: want a patch?)

GnuPG already supports what I said above.  And if you set
auto-key-retrieve, it'll even fetch the key for you automatically when
it sees a signature with such information.

David
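The point above turns on a verifier reading two signature subpackets: the Preferred Key Server (type 24, a URL) and the Signer's User ID (type 28, discussed at the top of the thread). As an added illustration that is not part of this message, GnuPG, or the draft, the Python below parses the subpacket areas of a v4 signature packet (length and type encoding per RFC 4880 section 5.2.3.1, written here from scratch) and collects the key-location hints a verifier could act on. The sample signature body, the URLs and the user ID are constructed for the example, and the function names are this example's own. One caveat a practitioner wants before auto-fetching: only the hashed subpacket area is covered by the signature, so a key-server URL placed in the unhashed area can be rewritten by anyone who handles the message; the code therefore ignores hints from the unhashed area and only accepts schemes that do not fetch over plaintext.

```python
import struct
from dataclasses import dataclass
from urllib.parse import urlsplit

# Subpacket type numbers from RFC 4880, section 5.2.3.1
SIG_CREATION_TIME = 2
ISSUER = 16
PREFERRED_KEY_SERVER = 24   # the "keyserver subpacket" discussed in the thread
SIGNER_USER_ID = 28         # Signer's User ID

ALLOWED_SCHEMES = {"https", "hkps"}   # policy choice for this example: no plaintext fetches


@dataclass
class Subpacket:
    type_id: int
    critical: bool
    body: bytes
    hashed: bool   # True when the subpacket sits in the hashed (signed) area


def _read_length(buf, pos):
    """Decode the 1-, 2- or 5-octet subpacket length; return (length, new_pos)."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < 255:
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5


def _encode_length(length):
    if length < 192:
        return bytes([length])
    if length < 16320:
        length -= 192
        return bytes([(length >> 8) + 192, length & 0xFF])
    return b"\xff" + struct.pack(">I", length)


def encode_subpacket(type_id, body, critical=False):
    """Build one subpacket; the length covers the type octet plus the body."""
    return _encode_length(len(body) + 1) + bytes([type_id | (0x80 if critical else 0)]) + body


def parse_subpackets(area, hashed):
    out, pos = [], 0
    while pos < len(area):
        length, pos = _read_length(area, pos)
        if length == 0 or pos + length > len(area):
            raise ValueError("malformed subpacket length")
        tag = area[pos]
        out.append(Subpacket(tag & 0x7F, bool(tag & 0x80), area[pos + 1:pos + length], hashed))
        pos += length
    return out


def parse_v4_signature_subpackets(body):
    """Return all subpackets of a v4 signature packet body, hashed area first."""
    if body[0] != 4:
        raise ValueError("only v4 signatures handled here")
    # layout: version(1) sig type(1) pk alg(1) hash alg(1) hashed len(2) hashed ...
    hashed_len = struct.unpack(">H", body[4:6])[0]
    hashed = body[6:6 + hashed_len]
    p = 6 + hashed_len
    unhashed_len = struct.unpack(">H", body[p:p + 2])[0]
    unhashed = body[p + 2:p + 2 + unhashed_len]
    return parse_subpackets(hashed, True) + parse_subpackets(unhashed, False)


def key_fetch_hints(subpackets):
    """Collect key-location hints; URL and user ID are honoured only from the hashed area."""
    hints = {"key_server": None, "signer_uid": None, "issuer": None, "ignored_unhashed": []}
    for sp in subpackets:
        if sp.type_id == ISSUER and hints["issuer"] is None:
            hints["issuer"] = sp.body.hex().upper()   # issuer is allowed in either area
        elif sp.type_id in (PREFERRED_KEY_SERVER, SIGNER_USER_ID):
            if not sp.hashed:
                hints["ignored_unhashed"].append(sp.type_id)   # not signed: do not act on it
                continue
            text = sp.body.decode("utf-8", errors="replace")
            if sp.type_id == SIGNER_USER_ID:
                hints["signer_uid"] = text
            elif urlsplit(text).scheme in ALLOWED_SCHEMES:
                hints["key_server"] = text
    return hints


def build_sample_signature():
    """Constructed sample (not a real signature): hints in both areas, no MPI material."""
    hashed = (encode_subpacket(SIG_CREATION_TIME, struct.pack(">I", 1121946891))
              + encode_subpacket(PREFERRED_KEY_SERVER, b"https://keys.example.org/alice.asc")
              + encode_subpacket(SIGNER_USER_ID, b"alice@example.org"))
    unhashed = (encode_subpacket(ISSUER, bytes.fromhex("0123456789ABCDEF"))
                + encode_subpacket(PREFERRED_KEY_SERVER, b"https://rewritten.example/alice.asc"))
    head = bytes([4, 0x00, 1, 8])   # v4, binary-document signature, RSA, SHA-256
    # Two placeholder octets stand in for the hash prefix; the MPIs are omitted.
    return (head + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed + b"\x00\x00")


if __name__ == "__main__":
    print(key_fetch_hints(parse_v4_signature_subpackets(build_sample_signature())))
```

Running the module prints the hashed URL and user ID, the issuer key ID, and `ignored_unhashed: [24]` for the rewritten URL in the unhashed area. Even with the hashed hint, a verifier that fetches keys automatically is making an outbound request to a signer-chosen location, so the allowlist of schemes (and, in a real client, a sane size and redirect limit on the fetch) is part of the design rather than an afterthought.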