i-name XRI to GPG identity
Martin Blais
martin.blais at gmail.com
Sat Apr 23 22:16:12 CEST 2005
hi
i have been searching the web for information about creating GnuPG
identities mapped to a specific i-name rather than an email address.
i can't find anything about it.
i'm curious to see if anyone has made work on this issue.
context: my understanding of Identity Commons / XDI (OASIS) / 2idi
(com) is that they are attempting to establish a digital identity
framework by creating open standards and prototype implementations for
the [IMO unavoidable] establishment of an information brokerage
infrastructure. part of this exercise is the difficult task of
creating a global registry of identities, analog to DNS/ICANN, with a
mechanism to lookup specific info about a user (with
consent/encryption/trust, etc.) by looking up information brokers
(i-brokers) wihch would manage and serve this information. their
infrastructure defines protocols and is open, so that anyone could
implement any kind of information brokerage services. in this
context, i-names specify a unique identity, more or less like a domain
name. for example, from an i-name, you could get someone's email
address, with their permission (actually, this is the first example
application from 2idi, the first registrar to implement this system, a
contact page).
anyway, the first that comes to mind as a pgp user is for a brokerage
service to serve public keys from i-names. (most people tend to
think of single-sign-on as the prototypical application, but it can do
anything, the protocol is open and made generic on purpose). to be
very concrete, someone wanting to lookup my pgp key could query for
"=martin.blais/+pgpkey" to find the i-number of a i-broker that serves
my public key resource and then automatically fetch the key from the
system (this of course would be implemented by whatever software needs
it).
i-names are not meant to change as long as they're in use by a
specific individual (although, like email addresses, they can be
transferred and reused). this means, for example, that someone
wanting to reach me over the next 50 years could potentially look up
my current email address, or my postal address, by using my i-name (if
i decided to hvae broker that makes that public). my address can
change, my email can change, but my i-name won't. i'm sure you get
the idea.
1.
so, if this takes off (if _does_ look to me like the best, most open
effort to do this to date), being able to tie an i-name to an GPG
identity seems to me like a better option than tying it to an email
address.
(although, now that i think of it more, i suppose that the i-name/XRI
could point to a unique PGP key identity (i.e. the 0x_____ number),
and then indirectly use the pgp keyservers to lookup the key using
that number.)
2.
one kind of very important bit of information that could be brokered
is "permissions" to do something or other (e.g. login). this could be
easily implemented using pgp signatures to establish a trusted
network. seems like you guys should be involved in this idcommons
thing...
i just tried creating a new identity with gnupg-1.4.1 and i couldn't
not get away with entering an i-name instead of an email address. i
suppose that it wouldn't be hard to change the accepted format of the
identifier (i.e. do not require @ character in email, accept the XRI
char syntax).
any ideas?
p.s. please Cc replies, i'm not permanently on the list
More information about the Gnupg-users
mailing list