Selecting primary UID

Werner Koch wk@gnupg.org
Tue Jun 26 13:16:02 2001


 || On Tue, 26 Jun 2001 11:38:45 +0100
 || Lee Evans <lee@vital.co.uk> wrote: 

 le> This would suggest that I have signed it in my role as an agent
 le> of Vital Online. I am no legal expert, but it would be arguable

There used to be no role concept in PGP and that is what's implemented
in GnuPG.  A signature does not carry any information about which user
ID was used to create the signature - just the key. That's a property
of digital signatures: signing a message just states that you own a
certain piece of information.  With OpenPGP this is just the key.

The good news is that OpenPGP defines an optional piece of
information:

5.2.3.21. Signer's User ID

   This subpacket allows a keyholder to state which user id is
   responsible for the signing. Many keyholders use a single key for
   different purposes, such as business communications as well as
   personal communications. This subpacket allows such a keyholder to
   state which of their roles is making a signature.

However, I have not yet seen this used and it is not implemented in
GnuPG. The definition in OpenPGP is also not very clear because it does
not state how this information is made up.  We can just assume that it
is the entire user ID packet - not very space efficient.[1]

 le> user ID, just the associated self-signature. The UID will still
 le> remain with the key, and I assume the previously signed keys will

That is the same as with the phone directory - you can walk
into a public library and look up old phone numbers and addresses.
No way to avoid it.

  Werner


[1] If your company really has a need for this, please contact me at
wk@g10code.com and we can talk about that.

-- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH      et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus
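The point of the post, as an added example that is not part of the mail or of GnuPG: a v4 signature's subpacket area normally identifies only the signing key (Issuer, type 16), and only the optional Signer's User ID subpacket (type 28) would name a role. The parser follows the RFC 4880 subpacket length encoding; the key ID and user ID strings are constructed sample data.

```python
"""Added example (not from the post or GnuPG): parse an OpenPGP v4 signature
subpacket area (RFC 4880 5.2.3.1) to show that a signature names only the key
(Issuer, type 16) unless the optional Signer's User ID (type 28) is present."""
import struct

SUBPKT_ISSUER = 16           # 8-octet key ID of the signing key
SUBPKT_SIGNERS_USER_ID = 28  # user ID string the keyholder signs "as"

def encode_subpacket(sp_type: int, body: bytes) -> bytes:
    """Length octet(s) cover the type octet plus body (RFC 4880 encoding)."""
    length = len(body) + 1
    if length < 192:
        hdr = bytes([length])
    elif length < 8384:
        hdr = bytes([((length - 192) >> 8) + 192, (length - 192) & 0xFF])
    else:
        hdr = b"\xff" + struct.pack(">I", length)
    return hdr + bytes([sp_type]) + body

def parse_subpackets(area: bytes) -> dict:
    """Return {type: body}; rejects truncated areas instead of reading past them."""
    out, i = {}, 0
    while i < len(area):
        first = area[i]
        if first < 192:
            length, i = first, i + 1
        elif first < 255:
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("truncated or malformed subpacket")
        out[area[i] & 0x7F] = area[i + 1:i + length]  # high bit = critical flag
        i += length
    return out

def signer_role(area: bytes):
    """(issuer key ID hex, claimed user ID or None) for a subpacket area."""
    sp = parse_subpackets(area)
    uid = sp.get(SUBPKT_SIGNERS_USER_ID)
    return sp[SUBPKT_ISSUER].hex().upper(), uid.decode("utf-8") if uid else None

# Constructed sample data: a made-up key ID, with and without a role claim.
KEY_ID = bytes.fromhex("0123456789ABCDEF")
AREA_KEY_ONLY = encode_subpacket(SUBPKT_ISSUER, KEY_ID)
AREA_WITH_ROLE = AREA_KEY_ONLY + encode_subpacket(
    SUBPKT_SIGNERS_USER_ID, b"Alice Example (work role) <alice@example.org>")
```

A verifier that only reads the Issuer subpacket cannot tell which of the key's user IDs the signer meant; with `AREA_WITH_ROLE` the claimed role is recoverable, while `AREA_KEY_ONLY` yields the key ID alone.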