vanitasvitae/openpgp-notes
1
0
Fork 0
mirror of https://codeberg.org/openpgp/notes.git synced 2025-02-16 17:16:25 +01:00
Code Issues Projects Releases Packages Wiki Activity

ch4: qualify split user id section with a footnote linking to dkg's 2019 blog outlining problems

Browse source
This commit is contained in:
Heiko Schaefer 2023-11-22 17:18:51 +01:00
parent c575165cd3
commit 142250277f
No known key found for this signature in database
GPG key ID: DAE9A9050FCCF1EB
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
book/source/04-certificates.md
View file

@ -135,11 +135,13 @@ For further conventions on User IDs, refer to the document [draft-dkg-openpgp-us
**Split User IDs**
One proposed variant for encoding identities in User ID is to use ["split User IDs"](https://dkg.fifthhorseman.net/blog/2021-dkg-openpgp-transition.html#split-user-ids). This style of User IDs is currently uncommon, but there is no technical impediment to using this format right now.
One proposed variant for encoding identities in User ID is to use ["split User IDs"](https://dkg.fifthhorseman.net/blog/2021-dkg-openpgp-transition.html#split-user-ids). This style of User IDs is currently uncommon, but there is no strong technical impediment to using this format right now[^dkg-split].
[^dkg-split]: Note that in the past, there were stumbling blocks in the OpenPGP ecosystem, see ["What were Separated User IDs"](https://dkg.fifthhorseman.net/blog/2019-dkg-openpgp-transition.html#what-were-separated-user-ids) from January 2019, by Daniel Kahn Gillmor.
An argument for split User IDs is that a name and an email address are two distinct identities, which are easier to reason about separately. This is particularly relevant when third parties consider certifying that an identity is legitimately connected to a certificate.
For example, some third party may be sure about the email identity of a contact, and happy to issue a certification for an email-based identity (such as `<alice@example.org>`). But they may not have any insight into a name based identity (such as `Alice Adams`), and thus not willing to certify such a name-based identity.
For example, some third party may be sure about the email identity of a contact, and happy to issue a certification for an email-based identity (such as `<alice@example.org>`). But they may not have any insight into a name-based identity (such as `Alice Adams`), and thus not willing to certify such a name-based identity.
(primary_user_id)=
### Implications of the Primary User ID