[openpgp] Signer's User ID

"Neal H. Walfield" <neal@walfield.org> Thu, 15 September 2016 09:33 UTC

Return-Path: <neal@walfield.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3377912B215 for <openpgp@ietfa.amsl.com>; Thu, 15 Sep 2016 02:33:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AXHOuJnw2Li8 for <openpgp@ietfa.amsl.com>; Thu, 15 Sep 2016 02:33:13 -0700 (PDT)
Received: from mail.dasr.de (mail.dasr.de [217.69.77.164]) by ietfa.amsl.com (Postfix) with ESMTP id 6213E12B223 for <openpgp@ietf.org>; Thu, 15 Sep 2016 02:33:13 -0700 (PDT)
Received: from p50813126.dip0.t-ipconnect.de ([80.129.49.38] helo=grit.huenfield.org.walfield.org) by mail.dasr.de with esmtpsa (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.76) (envelope-from <neal@walfield.org>) id 1bkT2b-0001Ym-0m for openpgp@ietf.org; Thu, 15 Sep 2016 09:33:09 +0000
Date: Thu, 15 Sep 2016 11:33:10 +0200
Message-ID: <87mvj9mrs9.wl-neal@walfield.org>
From: "Neal H. Walfield" <neal@walfield.org>
To: IETF OpenPGP <openpgp@ietf.org>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM/1.14.9 (=?ISO-8859-4?Q?Goj=F2?=) APEL/10.8 EasyPG/1.0.0 Emacs/24.5 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=US-ASCII
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/O0Mo_jlWmRyYSWQxsFzqLoRMqcs>
Subject: [openpgp] Signer's User ID
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Sep 2016 09:33:15 -0000

RFC 4880 says:

  5.2.3.22.  Signer's User ID

   (String)

   This subpacket allows a keyholder to state which User ID is
   responsible for the signing.  Many keyholders use a single key for
   different purposes, such as business communications as well as
   personal communications.  This subpacket allows such a keyholder to
   state which of their roles is making a signature.

   This subpacket is not appropriate to use to refer to a User Attribute
   packet.

In GnuPG, we use the user id's email address.  Thus, if a key has the
user id "Neal H. Walfield" <neal@walfield.org>;, and the user runs:

  echo data to sign | gpg --default-key neal@walfield.org -s

or

  echo data to sign | gpg --default-key 'Neal H. Walfield' -s

Then, in both cases we include this subpacket in the signature packet
with the string "neal@walfield.org";.


Note: we use data for locating the key via DANE or WKS as well as in
our TOFU implementation to identify the intended binding.


Since, IMO, the spec is unclear about the contents of this field and
Werner pointed out that another implementation could reasonably use
the hash of the user id here, I think it makes sense to clarify
exactly what is expected to increase interoperability.  My proposal to
standardize GnuPG's behavior is:

  5.2.3.22.  Signer's User ID

   (String)

   This subpacket allows a keyholder to state which User ID is
   responsible for the signing.  Many keyholders use a single key for
   different purposes, such as business communications as well as
   personal communications.  This subpacket allows such a keyholder to
*  state which of their roles is making a signature.  The value of
*  this subpacket is a byte-for-byte copy of the RFC 2822 mail name-addr
*  portion of the User ID.

   This subpacket is not appropriate to use to refer to a User Attribute
   packet.

Thanks,

:) Neal