[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Signer's User ID
On Thu, Jul 21, 2005 at 10:32:50AM +0200, Jeroen Massar wrote:
> On Thu, 2005-07-21 at 07:39 +0200, Werner Koch wrote:
> > Hello!
> > I'd like to have a clarification of the signature subpacket
> > 22.214.171.124. Signer's User ID
> > OTOH, for applications it makes more sense to have just the vanilla
> > mail address (mailbox@domain) here. This would make it easier to
> > compare a mail's From address to the actual signature.
> As I actually never really took time to read the full spec, I didn't
> come across of this before, but this is indeed ideal for making keys
> distributed in nature.
> "Solution" for making it distributed would be:
That message suggests adding the signer's name to signatures in some
manner, and then using that to hint to the keyserver which key to
fetch when verifying a signature. It seems a fairly roundabout way to
get a key.
Why not just do this directly? We already have a keyserver subpacket
(24), which is an URL, so it can even point to a web page. If a
signer wants to give "how to get my key" information in their
signature, just point to it directly.
> Question to Werner: does gnupg support the above item, if not can we add
> it, and secondly could we have gnupg then derive the keyserver from it
> as I noted before? (read: want a patch?)
GnuPG already supports what I said above. And if you set
auto-key-retrieve, it'll even fetch the key for you automatically when
it sees a signature with such information.