Alternate user ids
Robert Levin
levin at openprojects.net
Mon Jun 1 09:40:03 CEST 1998
On Mon, 1 Jun 1998, Werner Koch wrote:
> The solution is quite simple: We use OpenPGP sub-packets (a private one
> for now) to store the hash of the key and the user id to be signed. If
> the signature of the user id which is directly signed is okay we can
> proceed and compare the hash values of the alternate user ids, if they
> compare okay we have a valid signature on the other user id too. If
> they don't match we know that the signature is invalid or calculated
> on a user id which has been removed. This methods needs only 23
> additional bytes per signed alternate user id compared to about 68
> for a complete DSA signature (or even more for an ElGamal signature).
> It also saves time, as the time consuming signature verification has
> only to be done once.
Sounds great.
Rob L.
More information about the Gnupg-devel
mailing list