User id's without person's name, only email

Andrew Gallagher andrewg at
Wed Nov 17 20:04:57 CET 2021

On 17/11/2021 18:15, Robert J. Hansen wrote:
>> Mapping a "Real Name" to an email address is a conceptually different
>> thing from mapping an email address to a public key.
> Except that should we be mapping keys to email addresses in the first 
> place?
> When we sign a certificate we make an assertion that this cryptographic 
> material is controlled by this entity.  I control the cryptographic 
> material associated with certificate 0x1DCBDC01B44427C7. 
> rjh at controls nothing -- it's just one of several places 
> I pick up mail.

A cryptographic signature does not attest that anything belongs to you, 
the meatspace person - it merely attests a relationship between some 
cryptographic material and a particular identifier. The interpretation 
of the identifier is context-dependent and highly subjective.

If I want to send an email to you, I have to identify you to my MUA. If 
I want to encrypt it, I have to ask the MUA to associate the identifier 
I just gave it with a key. I either select your name from an address 
book (in which case the unique ID is your email address) or I type in 
your email address by hand. It doesn't matter how many other identifiers 
(emails, post boxes, passport numbers) you have - from my POV, and that 
of my MUA, they are irrelevant because they don't let me identify you 
any more precisely than I already can with just one.

The cryptographic binding is always between key material and a 
machine-readable identifier. This identifier may or may not be globally 
unique, but it should be unique in the context of the system within 
which it is used (e.g. my MUA). The mapping of contextual identifiers 
onto meatspace is a philosophical question that is beyond the reasoning 
capability of a computer, and the ability of natural persons to assume 
and discard identifiers is a feature, not a bug.

> I have long considered mapping keys to email addresses to be a 
> fundamental flaw.  It obscures exactly what it is we're trying to 
> assert: that cryptographic material is controlled by *people*.
Some cryptographic material is created, used and destroyed without any 
human interaction whatsoever, e.g. TLS session keys. The session key is 
signed by the server key to state "this session key is controlled by me" 
(i.e. the server). The server may be controlled by an organisation, and 
the organisation by people (or the people by the organisation, depending 
on your point of view!).

The point being that there are many layers of abstraction between the 
cryptographic material and a natural person. Software can only make and 
test claims about some of those layers at best, and some of those layers 
may not even be meaningful to the end user, depending on the context.

Andrew Gallagher

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Gnupg-users mailing list