Issue created Sep 06, 2022 by mh (@mh, Owner)

Support keys where the uid is just the email.

Currently, we are filtering out the valid uids by filtering by uid as recommended by the GnuPG manual: https://www.gnupg.org/documentation/manuals/gnupg/Specify-a-User-ID.html#Specify-a-User-ID

Background is that the uid field in OpenPGP is just a string that should follow the "Name " convention (https://datatracker.ietf.org/doc/html/rfc4880#section-5.11), and so far most tools did.

Which is what we are doing: https://code.immerda.ch/immerda/container-images/wkd-srv/-/blob/93820943d4bb4790831a881ea5a03fabc56cd4b6/lib/wkd-srv/key.rb

The Web Key Service RFC says that "The key needs to carry a User ID packet ([RFC4880]) with that mail address." (https://datatracker.ietf.org/doc/draft-koch-openpgp-webkey-service/) and since RFC4880 says that by convention the

However, this means that we do not allow importing keys where the uid is just the email and nothing more, especially no enclosing <>.

First we should validate whether the OpenPGP community actually thinks that this is actually as intended or whether you should only see uids with email addresses enclosed in <> as valid emails.

Then - if we should support keys with such formatted uids - we must make sure that we filter out uids that either match the conventional email address filter OR have an exact match on the email address.
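
One way to implement the "conventional form OR exact match" check described in this issue, as an added example that is not part of the issue or of wkd-srv's `key.rb`. The helper names, the case-insensitive comparison and the sample UIDs are assumptions of this example; the point it shows is that both forms are compared as whole addresses, never as substrings.

```ruby
# Added example, not wkd-srv code. All method names are hypothetical and the
# UID strings in SAMPLE_UIDS are constructed for illustration.

# Conventional form (RFC 4880 section 5.11): the UID ends in "<addr>".
# Anchoring at the end means an address in the name part is never used.
ANGLE_ADDR = /<([^<>\s]+@[^<>\s]+)>\z/
# Bare form: the whole UID is one address, with no name and no brackets.
BARE_ADDR = /\A[^<>\s@]+@[^<>\s@]+\z/

# Return the address a UID claims, or nil if it has neither accepted form.
def uid_email(uid)
  uid = uid.strip
  if (m = ANGLE_ADDR.match(uid))
    m[1]
  elsif uid.match?(BARE_ADDR)
    uid
  end
end

# True only when the claimed address equals the requested one as a whole.
# Case-insensitive comparison is an assumption of this example.
def uid_matches_email?(uid, email)
  claimed = uid_email(uid)
  return false if claimed.nil?

  claimed.downcase == email.strip.downcase
end

def matching_uids(uids, email)
  uids.select { |uid| uid_matches_email?(uid, email) }
end

SAMPLE_UIDS = [
  'Alice Example <alice@example.org>',       # conventional form
  'alice@example.org',                       # uid is just the email
  'Alice (work) <Alice@Example.org>',        # comment and mixed case
  'alice@example.org <mallory@example.net>', # requested address only in name part
  'alice@example.org.example.net',           # requested address is only a prefix
  'Bob <bob@example.org>'                    # different user
].freeze

puts matching_uids(SAMPLE_UIDS, 'alice@example.org') if __FILE__ == $PROGRAM_NAME
```
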
