Re: Signer's User ID

Ian Grigg <iang@systemics.com> Thu, 21 July 2005 13:43 UTC

From: Ian Grigg <iang@systemics.com>
To: Werner Koch <wk@gnupg.org>
Subject: Re: Signer's User ID
Date: Thu, 21 Jul 2005 14:30:08 +0100
User-Agent: KMail/1.8.1
Cc: ietf-openpgp@imc.org
References: <87u0iok99n.fsf@wheatstone.g10code.de> <200507211311.58692.iang@systemics.com> <87oe8wi9ls.fsf@wheatstone.g10code.de>
In-Reply-To: <87oe8wi9ls.fsf@wheatstone.g10code.de>
Message-Id: <200507211430.11810.iang@systemics.com>

On Thursday 21 July 2005 14:15, Werner Koch wrote:
> On Thu, 21 Jul 2005 13:11:56 +0100, Ian Grigg said:
> 
> > But it recalls to mind what we do in contract issuance.  In
> > our model, we add strings to every keyId in the chain.  These
> > "roles" then inform the software of how to prepare and check
> 
> This works well when using a new key for each role. 
> 
> Assuming you would add the rules as different UID to one key you can't
> see from a signature which role/UID was used to sign the document.
> The Signer's User ID is a solution to this; however it is far easier
> to create separate keys.

I agree entirely, that's in fact what we do, and
the software rejects any additional roles that
might be present.

There's also the issue that generally different
roles have different security models, so for
example one's [certification] key might be better
off locked in the safe.

iang
-- 
Advances in Financial Cryptography, Issue 2:
   https://www.financialcryptography.com/mt/archives/000498.html
Mark Stiegler, An Introduction to Petname Systems
Nick Szabo, Scarce Objects
Ian Grigg, Triple Entry Accounting
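The two mechanisms the message above contrasts, one key per role versus a Signer's User ID subpacket (RFC 4880 subpacket type 28) telling the verifier which User ID signed, can be seen in the bytes of a v4 signature packet. The following is an added example, not code from the thread or from any OpenPGP implementation: it parses the hashed and unhashed subpacket areas of a v4 signature, extracts the Issuer (type 16) and Signer's User ID (type 28), and applies a one-role-per-key policy of the kind Ian describes. The packet is constructed by hand for illustration (dummy MPI, arbitrary creation time, invented key ID), the convention that a key's role is a string stored as its User ID is an assumption, and nothing here verifies the signature cryptographically.

```python
"""Added example: read Issuer / Signer's User ID subpackets from an OpenPGP
v4 signature packet (RFC 4880 5.2.3) and apply a one-role-per-key check.
The sample packet is constructed here; it is not a real signature."""
import struct

SUBPACKET_CREATION_TIME = 2
SUBPACKET_ISSUER = 16
SUBPACKET_SIGNER_USER_ID = 28


def _read_subpacket_length(buf, pos):
    """RFC 4880 5.2.3.1: one-, two- or five-octet subpacket length."""
    b0 = buf[pos]
    if b0 < 192:
        return b0, pos + 1
    if b0 < 255:
        return ((b0 - 192) << 8) + buf[pos + 1] + 192, pos + 2
    return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5


def _parse_subpackets(buf):
    """Return (type, critical_flag, body) tuples from a subpacket area."""
    out, pos = [], 0
    while pos < len(buf):
        length, pos = _read_subpacket_length(buf, pos)   # length covers type octet + body
        if length == 0 or pos + length > len(buf):
            raise ValueError("malformed subpacket length")
        type_octet = buf[pos]
        out.append((type_octet & 0x7F, bool(type_octet & 0x80), buf[pos + 1:pos + length]))
        pos += length
    return out


def parse_v4_signature(packet):
    """Parse a new-format packet (tag 2) holding a v4 signature.
    Only one-octet body lengths (< 192) are handled; enough for the sample."""
    if packet[0] & 0xC0 != 0xC0 or packet[0] & 0x3F != 2:
        raise ValueError("not a new-format signature packet (tag 2)")
    body_len = packet[1]
    if body_len >= 192:
        raise ValueError("multi-octet body lengths not supported in this example")
    body = packet[2:2 + body_len]
    if len(body) != body_len or body[0] != 4:
        raise ValueError("truncated packet or not a v4 signature")
    hashed_len = struct.unpack(">H", body[4:6])[0]
    hashed = body[6:6 + hashed_len]
    pos = 6 + hashed_len
    unhashed_len = struct.unpack(">H", body[pos:pos + 2])[0]
    unhashed = body[pos + 2:pos + 2 + unhashed_len]
    return {"sig_type": body[1], "pk_algo": body[2], "hash_algo": body[3],
            "hashed": _parse_subpackets(hashed), "unhashed": _parse_subpackets(unhashed)}


def signer_identity(sig):
    """(issuer key ID hex, Signer's User ID).  The Signer's User ID is taken
    from the hashed area only: an unhashed copy is not covered by the
    signature, so anyone could rewrite the claimed role.  The Issuer is a
    lookup hint (GnuPG places it unhashed); the real binding to the key is
    the cryptographic verification, which this example omits."""
    issuer = signer_uid = None
    for stype, _crit, body in sig["hashed"]:
        if stype == SUBPACKET_SIGNER_USER_ID:
            signer_uid = body.decode("utf-8")
        elif stype == SUBPACKET_ISSUER and len(body) == 8:
            issuer = body.hex().upper()
    if issuer is None:
        for stype, _crit, body in sig["unhashed"]:
            if stype == SUBPACKET_ISSUER and len(body) == 8:
                issuer = body.hex().upper()
    return issuer, signer_uid


def role_for_signature(sig, key_roles):
    """One-role-per-key policy.  key_roles maps issuer key ID -> the role
    strings found in that key's User IDs (assumed convention).  A key with
    more than one role is rejected outright; a hashed Signer's User ID, if
    present, must agree with the key's single role.  Returns (role, error)."""
    issuer, signer_uid = signer_identity(sig)
    if issuer is None or issuer not in key_roles:
        return None, "unknown or missing issuer"
    roles = key_roles[issuer]
    if len(roles) != 1:
        return None, "key %s carries %d roles, expected exactly one" % (issuer, len(roles))
    if signer_uid is not None and signer_uid != roles[0]:
        return None, "Signer's User ID %r disagrees with key role %r" % (signer_uid, roles[0])
    return roles[0], None


def _subpacket(stype, body):
    return bytes([len(body) + 1, stype]) + body      # lengths here are all < 192


def build_sample_signature(signer_uid, issuer_key_id_hex):
    """Constructed v4 signature packet: type 0x00, RSA (1), SHA-256 (8),
    dummy 16-bit MPI.  Illustration only, not a valid signature."""
    hashed = (_subpacket(SUBPACKET_CREATION_TIME, struct.pack(">I", 1121952608))  # arbitrary
              + _subpacket(SUBPACKET_SIGNER_USER_ID, signer_uid.encode("utf-8")))
    unhashed = _subpacket(SUBPACKET_ISSUER, bytes.fromhex(issuer_key_id_hex))
    body = (bytes([4, 0x00, 1, 8])
            + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed
            + b"\xAB\xCD"                              # left 16 bits of the hash
            + struct.pack(">H", 16) + b"\x80\x01")     # dummy MPI
    return bytes([0xC2, len(body)]) + body


if __name__ == "__main__":
    pkt = build_sample_signature("contract-issuer", "0123456789ABCDEF")
    sig = parse_v4_signature(pkt)
    print(signer_identity(sig))
    print(role_for_signature(sig, {"0123456789ABCDEF": ["contract-issuer"]}))
    print(role_for_signature(sig, {"0123456789ABCDEF": ["contract-issuer", "auditor"]}))
```

The design point is in `signer_identity`: a role claim only means something when it is inside the hashed area, and even then it only tells you which User ID the signer intended, not that the key is authorised for that role; that authorisation still has to come from your own policy (the `key_roles` table here), which is why separate keys per role with the extra roles rejected is the simpler design.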