Re: Signer's User ID

Werner Koch <wk@gnupg.org> Thu, 21 July 2005 13:37 UTC

Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DvbF1-0005r4-Lu for openpgp-archive@megatron.ietf.org; Thu, 21 Jul 2005 09:37:35 -0400
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id JAA29828 for <openpgp-archive@lists.ietf.org>; Thu, 21 Jul 2005 09:37:33 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j6LDKtWu052317; Thu, 21 Jul 2005 06:20:55 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j6LDKtX5052316; Thu, 21 Jul 2005 06:20:55 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j6LDKs7O052295 for <ietf-openpgp@imc.org>; Thu, 21 Jul 2005 06:20:54 -0700 (PDT) (envelope-from wk@gnupg.org)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.50 #1 (Debian)) id 1DvZzD-0000ER-Nu for <ietf-openpgp@imc.org>; Thu, 21 Jul 2005 14:17:11 +0200
Received: from wk by localhost with local (Exim 4.34 #1 (Debian)) id 1DvatL-0006p0-IM; Thu, 21 Jul 2005 15:15:11 +0200
To: Ian Grigg <iang@systemics.com>
Cc: ietf-openpgp@imc.org
Subject: Re: Signer's User ID
References: <87u0iok99n.fsf@wheatstone.g10code.de> <200507211311.58692.iang@systemics.com>
From: Werner Koch <wk@gnupg.org>
Organisation: g10 Code GmbH
OpenPGP: id=5B0358A2; url=finger:wk@g10code.com
Date: Thu, 21 Jul 2005 15:15:11 +0200
In-Reply-To: <200507211311.58692.iang@systemics.com> (Ian Grigg's message of "Thu, 21 Jul 2005 13:11:56 +0100")
Message-ID: <87oe8wi9ls.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) Emacs/21.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

On Thu, 21 Jul 2005 13:11:56 +0100, Ian Grigg said:

> But it recalls to mind what we do in contract issuance.  In
> our model, we add strings to every keyId in the chain.  These
> "roles" then inform the software of how to prepare and check

This works well when using a new key for each role. 

Assuming you would add the rules as different UID to one key you can't
see from a signature which role/UID was used to sign the document.
The Signer's User ID is a solution to this; however it is far easier
to create separate keys.

> to the users.  That's very important in legal work as anything
> that hides intent in special packets leads to questions as to
> whether the software was doing the right thing.

Agreed.


Salam-Shalom,

   Werner