Allow one OpenPGP key per alias #262
Comments
For the record: the userli WKD implementation already does this and I think that it's even mandatory from the WKD specification. We strip all UIDs except the one that matches the users mail address. Probably that means that users would have to pick one of their aliases before uploading a corresponding OpenPGP key. Otherwise, userli wouldn't know which UID to keep.
IIRC, one WKD entry must only contain one OpenPGP key. But my memories might be wrong here. I would imagine to allow exactly one key per address (one for the primary mail address and one for each alias). Alias deletion should take care of removing the corresponding WKD key as well. |
|
Prepared a mockup on how this might be done. The mockup also changes how one would delete ones key, which currently leads to its own page, and replaces that also with a modal form for uniformity. Personally i feel when having multiple user identities, opening and closing a modal form feels less clunky than going back-and-forth to subpages for each identity. Not sure how you feel about introducing modal forms to userli. Of course uploading could be their own page similar to the current delete PGP-key form.
|
Aliases are a core feature of Userli. We should support WKD lookup for them as well. We should at least enable to upload multiple keys per user and one key per alias.
To not break pseudonymity, I would encourage or maybe even enforce to not have multiple addresses per key. I think this is considered best-practice today. From https://posteo.de/en/help/policies-for-public-keys:
Furthermore, a key should be deleted when deleting the corresponding alias.
The text was updated successfully, but these errors were encountered: