per-user data signatures [was: Re: multiple keys vs multiple identities]
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Sep 24 17:23:01 CEST 2010
On 09/24/2010 10:30 AM, Simon Richter wrote:
> Of course. I was talking about data signatures, i.e. "I'm signing this
> with my work hat on".
ah, gotcha. sorry for the misunderstanding.
> The main use case I have is my Debian work -- when I sign a .changes
> file, the Debian archive will accept it, even if the package in question
> was really intended for another repository (where I use the same key for
> As my main key is well-established in the WoT, I'd like to use the
> existing connections to get a trust path; however using the key directly
> leads to the problem that the signature can be interpreted in multiple
yeah, this makes sense. in the context of debian packaging, the
material signed is relevant. if your changelog says "unstable" then
debian will accept it. if you're uploading it to some other repo, that
repo would presumably be named something other than "unstable".
fwiw, it wouldn't be difficult to propose such a notation, and it should
be possible to implement it quickly in debsign using gpg's --set-notation.
However, testing right now, it doesn't seem to work with gpg for regular
echo test | gpg --sign --set-notation 'test@example.org=test' | \
does not show the notation :(
Werner, David, is this expected behavior? am i doing something wrong?
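Added example, not part of the original message and not debsign or Debian archive code: one way a receiving repository could enforce such a notation, by reading the NOTATION_NAME, NOTATION_DATA and VALIDSIG lines gpg writes to --status-fd during verification. The notation name target-archive@example.org, the fingerprint and the status lines are constructed for illustration.

```python
from urllib.parse import unquote

PREFIX = "[GNUPG:] "

def signatures(status_text):
    """Group `gpg --status-fd` lines into one record per signature."""
    sigs, cur = [], None
    for line in status_text.splitlines():
        if not line.startswith(PREFIX):
            continue
        keyword, _, rest = line[len(PREFIX):].partition(" ")
        if keyword == "NEWSIG" or cur is None:
            cur = {"valid_fpr": None, "notations": []}
            sigs.append(cur)
        if keyword == "VALIDSIG":
            cur["valid_fpr"] = rest.split(" ")[0]  # key that made the signature
        elif keyword == "NOTATION_NAME":
            cur["notations"].append([unquote(rest), ""])
        elif keyword == "NOTATION_DATA" and cur["notations"]:
            # A long value may arrive split over several NOTATION_DATA lines.
            cur["notations"][-1][1] += unquote(rest)
    return sigs

def accepted_for(status_text, signer_fpr, name, expected):
    """True only for a valid signature by signer_fpr scoped to `expected`."""
    for sig in signatures(status_text):
        values = [v for n, v in sig["notations"] if n == name]
        # Fail closed: no notation, or conflicting values, means "not for us".
        if sig["valid_fpr"] == signer_fpr and values == [expected]:
            return True
    return False

# Constructed sample data (not real gpg output or a real key).
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
NAME = "target-archive@example.org"  # hypothetical notation name
VALID = f"[GNUPG:] VALIDSIG {FPR} 2010-09-24 1285341781 0 4 0 1 2 00 {FPR}\n"
SCOPED = ("[GNUPG:] NEWSIG\n"
          f"[GNUPG:] NOTATION_NAME {NAME}\n"
          "[GNUPG:] NOTATION_DATA unsta\n"
          "[GNUPG:] NOTATION_DATA ble\n" + VALID)
UNSCOPED = "[GNUPG:] NEWSIG\n" + VALID

if __name__ == "__main__":
    for archive in ("unstable", "other-repo"):
        print(archive, accepted_for(SCOPED, FPR, NAME, archive),
              accepted_for(UNSCOPED, FPR, NAME, archive))
```

A signature that is valid but carries no notation is rejected here, which is the behaviour that stops an upload meant for one repository from being accepted by another.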