On 01/23/2014 05:50 PM, Steve Jones wrote:
> I've been thinking about UIDs in keys, rfc4880 section 5.1 says that by 
> convention a UID is an rfc2822 email address but this is not a 
> requirement[1]. Gnupg does enforce that restriction unless you explicitly 
> disable it. It would seem to make sense to include other strings that can 
> identify a user, many people have various URLs which could be said to relate 
> to their identity, Facebook accounts, blogs etc... It could potentially be 
> useful to be able to associate a key with these other identities, i.e. if you 
> get an email purporting to be from someone you only know on a webforum it 
> would be useful to be able to verify this. I'm curious what other people on 
> this list think of this.

There are already systems that make use of the flexibility in this
field.  For example SSH hosts can publish their RSA host key in an
OpenPGP certificate using the monkeysphere (i'm a contributor to the
monkeysphere project):

 http://web.monkeysphere.info/

Other people advocate including a human-readable name without an e-mail
address as a User ID, so that you can refer to a person without making
any claim about e-mail addresses (i don't find the utility of this use
case particularly convincing myself, but it doesn't seem terrible).

So the general question you're asking about is being done already.  As
for facebook or openid or webforums or other identifiers, i don't think
those have been particularly well-thought through yet.  Under what
circumstances would you use them?

        --dkg

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
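
The flexibility discussed in this thread, as an added example that is not code from either poster or from the monkeysphere project: a User ID packet (tag 13) is just a UTF-8 string, so a key-handling tool can list the User IDs in a certificate and label which form each one takes. The sample packets, the example.org names and the helper names are constructed for illustration; the `ssh://` form follows the monkeysphere convention for host keys.

```python
import re

USER_ID_TAG = 13  # User ID packet tag in RFC 4880

def iter_packets(data):
    """Yield (tag, body) for each packet in a binary OpenPGP stream."""
    pos = 0
    while pos < len(data):
        hdr, pos = data[pos], pos + 1
        if not hdr & 0x80:
            raise ValueError("bit 7 of a packet header must be set")
        if hdr & 0x40:                      # new-format header
            tag, first = hdr & 0x3F, data[pos]
            if first < 192:
                length, pos = first, pos + 1
            elif first < 224:
                length, pos = ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif first == 255:
                length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                               # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate lengths are not handled here")
            size = 1 << ltype
            length, pos = int.from_bytes(data[pos:pos + size], "big"), pos + size
        if pos + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[pos:pos + length]
        pos += length

URI = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*://\S+")
ADDR = re.compile(r"[^<>]*<[^<>@\s]+@[^<>@\s]+>|[^<>@\s]+@[^<>@\s]+")

def classify(uid):
    """Label the form of a User ID; the string is self-asserted either way."""
    return "uri" if URI.fullmatch(uid) else "email" if ADDR.fullmatch(uid) else "name-only"

def user_ids(data):
    uids = [b.decode("utf-8", "replace") for t, b in iter_packets(data) if t == USER_ID_TAG]
    return [(u, classify(u)) for u in uids]

def _old(tag, body): return bytes([0x80 | (tag << 2), len(body)]) + body
def _new(tag, body): return bytes([0xC0 | tag, len(body)]) + body

# Constructed sample: three User ID packets plus one non-UID packet to skip.
SAMPLE = (_old(13, b"Alice Example <alice@example.org>") + _new(13, b"ssh://host.example.org")
          + _old(13, b"Alice Example") + _new(2, b"\x04\x13"))
```

The labels describe only the shape of the string; whether the key really belongs to that address, host or name still depends on certifications made over the User ID.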
