On 5/2/2010 8:59 PM, Greg A. Woods wrote: > At Sat, 01 May 2010 12:54:24 -0700, Junio C Hamano <gitster@xxxxxxxxx> wrote: > Subject: Re: PATCH: Less fragile lookup of gpg key >> >> If I have two keys like these: >> >> Junio C Hamano <gitster@xxxxxxxxx> >> Junio Hamano <gitster@xxxxxxxxx> > > I'm not an expert on PGP internals or such, but I think that's a really > bad thing to do. I'm surprised you were able to get gpg to do it in the > first place. I would have hoped it wouldn't allow it. As far as I can > tell it's _not_ compatible with other implementations of PGP. > > PGP keys normally are searched by the e-mail portion only. All the > other stuff (comments and the display name, etc.) is for decoration > only. This is just as it is in e-mail routing too of course. > > You can of course have more than one e-mail address per key, but you > should NEVER have more than one key per e-mail. > > I.e. it's less reliable in the first place to have two different keys > which can be found using the same e-mail address. > This might be getting a little off-topic for the git list, but... It's a weird thing to do, which is why I didn't account for it in the original patch, but the RFC doesn't have any specific requirements regarding what a UID is: 5.11. User ID Packet (Tag 13) A User ID packet consists of UTF-8 text that is intended to represent the name and email address of the key holder. By convention, it includes an RFC 2822 [RFC2822] mail name-addr, but there are no restrictions on its content. The packet length in the header specifies the length of the User ID. Ultimately the key ID is the unique identifier, so there's nothing technically wrong with creating multiple keys with the same email. It will cause some email clients to flip out, but that's a non-issue with git tags. But if someone is a regular user of OpenPGP, and they get two signatures from the same email address with different keys, the assumption is going to be that at least one of them is a forgery. Maybe the keys are cross-signed if, for example, someone is phasing out an old 1024-bit key with a new 2048-bit one. But that's still going to raise a few eyebrows. And even in that case, you still probably want to sign everything with the same key. If you look at any day-to-day usage of gpg, or examples posted around, they're almost always going to just pass an email address only with the -u flag, if they use the -u flag at all. I don't think you're going to find any examples or tutorials that suggest you type: gpg -u "Junio Hamano <gitster@xxxxxxxxx>" --armor --sign file.txt they'll all use: gpg -u gitster@xxxxxxxxx --armor --sign file.txt And normally a user wouldn't even use the -u flag to begin with. They would just go with the default secret key on your keyring. But that might have a different email address than your git settings, so it does make sense to use -u within git. I personally think that using multiple keys with the same UID falls into the 'advanced user' category, where you can expect the advanced user to figure out how to deal with the exceptional usage, and have the defaults set out to cover the general case. But all that being said, I don't have a problem with the proposed solution of falling back to a straight email search after the username + email search fails. -- Grant "Can you construct some sort of rudimentary lathe?"
Attachment:
signature.asc
Description: OpenPGP digital signature