[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Signer's User ID

To: Ian Grigg <iang@xxxxxxxxxxxxx>
Subject: Re: Signer's User ID
From: Werner Koch <wk@xxxxxxxxx>
Date: Thu, 21 Jul 2005 15:15:11 +0200
Cc: ietf-openpgp@xxxxxxx
In-reply-to: <200507211311.58692.iang@xxxxxxxxxxxxx> (Ian Grigg's message of "Thu, 21 Jul 2005 13:11:56 +0100")
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
Openpgp: id=5B0358A2; url=finger:wk@xxxxxxxxxxx
Organisation: g10 Code GmbH
References: <87u0iok99n.fsf@xxxxxxxxxxxxxxxxxxxxx> <200507211311.58692.iang@xxxxxxxxxxxxx>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx
User-agent: Gnus/5.1007 (Gnus v5.10.7) Emacs/21.3 (gnu/linux)

On Thu, 21 Jul 2005 13:11:56 +0100, Ian Grigg said:

> But it recalls to mind what we do in contract issuance.  In
> our model, we add strings to every keyId in the chain.  These
> "roles" then inform the software of how to prepare and check

This works well when using a new key for each role. 

Assuming you would add the rules as different UID to one key you can't
see from a signature which role/UID was used to sign the document.
The Signer's User ID is a solution to this; however it is far easier
to create separate keys.

> to the users.  That's very important in legal work as anything
> that hides intent in special packets leads to questions as to
> whether the software was doing the right thing.

Agreed.


Salam-Shalom,

   Werner

Follow-Ups:
- Re: Signer's User ID
  - From: Ian Grigg

References:
- Signer's User ID
  - From: Werner Koch
- Re: Signer's User ID
  - From: Ian Grigg

Prev by Date: Re: Freeh testimony mentioning ADK (Re: Signature Subpacket 10?)
Next by Date: Re: Signer's User ID
Previous by thread: Re: Signer's User ID
Next by thread: Re: Signer's User ID
Index(es):
- Date
- Thread