per-user data signatures [was: Re: multiple keys vs multiple identities]
dshaw at jabberwocky.com
Tue Sep 28 04:51:24 CEST 2010
On Sep 24, 2010, at 2:52 PM, Phil Brooke wrote:
> On Fri, 24 Sep 2010, David Shaw wrote:
>> There is actually a defined field for this in OpenPGP (see section 18.104.22.168, Signer's User ID). I don't think anyone implements it though.
> Is there any particular difficulty or reason for it not being implemented by anyone? (It looks very similar to, for example, the policy URL signature subpacket.)
No real reason. Nobody has ever shown a major need for it - it's been in the spec for almost 12 years without much fanfare. Even if it were implemented today, it would suffer from the fact that all the software to date assumes that a valid signature is a valid signature, and does not take into account which "hat" the signer was wearing at the time.
More information about the Gnupg-users