In general, I like this proposal. It seems like a good way forward. It should be made very clear to the user that a commit authored by a key-derived ID does not imply the commit is signed by that key or provide any security guarantees; anyone can put anything in that field, same as it is now. I could see someone seeing a commit authored by <47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU@_.sha256.ssh.id.git-scm.com> and thinking that implies the commit was signed by `47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU`. On 2022-09-19 14:52:31+0000, brian m. carlson wrote: > +Anonymous IDs > +------------- > + > +Git will implement a new form of email address which is acceptable to existing > +implementations but is not valid according to RFC 1123. This takes the form of > +an email address where the local-part contains the identifier and the domain > +portion starts with `_.` and then a domain specifier which specifies an > +authority and the meaning of the identifier. > + > +In such a case, Git will specify the username as a single U+2060 in UTF-8 (the > +byte sequence 0xE2 0x81 0xA0), which is a zero width non-breaking space. This > +is compatible with existing implementations. Could you add a note here explaining why that character was chosen for the name field? It seems like it would be easier to work with a single printable character like `?` or `X`, but maybe that doesn't matter here.
