Open t2d opened 4 years ago
To not break pseudonymity, I would encourage or maybe even enforce to not have multiple addresses per key.
For the record: the userli WKD implementation already does this and I think that it's even mandatory from the WKD specification. We strip all UIDs except the one that matches the users mail address.
Probably that means that users would have to pick one of their aliases before uploading a corresponding OpenPGP key. Otherwise, userli wouldn't know which UID to keep.
We should at least enable uploading multiple keys per user and one key per alias.
IIRC, one WKD entry must only contain one OpenPGP key. But my memories might be wrong here. I would imagine allowing exactly one key per address (one for the primary mail address and one for each alias).
Alias deletion should take care of removing the corresponding WKD key as well.
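To make the two points above concrete (stripping every User ID except the one matching the address, and one key per address, i.e. per WKD lookup path), here is a small added example in Python. It is not userli's code; it builds a constructed OpenPGP packet sequence with stub bodies (not a real key) and shows the hashed-local-part computation from the WKD draft plus a packet-level UID filter. The `strip_foreign_uids` and `wkd_direct_url` names are assumptions for this example.

```python
import hashlib
import re

# z-base-32 alphabet used by the WKD draft for the hashed local part
ZBASE32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"

# OpenPGP packet tags (RFC 4880 section 4.3)
PKT_SIG, PKT_PUBKEY, PKT_UID, PKT_PUBSUBKEY, PKT_UATTR = 2, 6, 13, 14, 17


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as z-base-32 (no padding; 20 bytes -> 32 characters)."""
    bits = "".join(f"{b:08b}" for b in data)
    return "".join(ZBASE32_ALPHABET[int(bits[i:i + 5].ljust(5, "0"), 2)]
                   for i in range(0, len(bits), 5))


def wkd_hashed_local_part(local_part: str) -> str:
    """SHA-1 of the lowercased local part, z-base-32 encoded (WKD draft)."""
    return zbase32_encode(hashlib.sha1(local_part.lower().encode("utf-8")).digest())


def wkd_direct_url(address: str) -> str:
    """Direct-method lookup URL: one path per address, hence one key per alias."""
    local, domain = address.rsplit("@", 1)
    return (f"https://{domain.lower()}/.well-known/openpgpkey/hu/"
            f"{wkd_hashed_local_part(local)}?l={local}")


def _parse_packets(blob: bytes):
    """Yield (tag, raw_packet, body) for each packet; partial/indeterminate lengths unsupported."""
    i = 0
    while i < len(blob):
        start, ctb = i, blob[i]
        i += 1
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if ctb & 0x40:  # new-format header
            tag, first = ctb & 0x3F, blob[i]
            i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + blob[i] + 192
                i += 1
            elif first == 255:
                length = int.from_bytes(blob[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body lengths not supported")
        else:  # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            n = (1, 2, 4)[ltype]
            length = int.from_bytes(blob[i:i + n], "big")
            i += n
        body = blob[i:i + length]
        i += length
        yield tag, blob[start:i], body


def _uid_email(uid: bytes) -> str:
    """Extract the address from 'Name <addr>' or a bare address, lowercased for comparison."""
    text = uid.decode("utf-8", "replace")
    m = re.search(r"<([^>]+)>", text)
    return (m.group(1) if m else text).strip().lower()


def strip_foreign_uids(key: bytes, address: str):
    """Return (filtered_key, kept_uids): keeps the primary key and its direct signatures,
    all subkeys with their binding signatures, and only the User ID (with its
    certifications) whose address equals `address`. User attributes are dropped."""
    wanted = address.strip().lower()
    out, kept = bytearray(), []
    keep_following = True  # signatures right after the primary key are kept
    for tag, raw, body in _parse_packets(key):
        if tag in (PKT_PUBKEY, PKT_PUBSUBKEY):
            keep_following = True
            out += raw
        elif tag in (PKT_UID, PKT_UATTR):
            keep_following = tag == PKT_UID and _uid_email(body) == wanted
            if keep_following:
                kept.append(body.decode("utf-8", "replace"))
                out += raw
        elif tag == PKT_SIG:
            if keep_following:
                out += raw
        else:
            out += raw
    return bytes(out), kept


def _packet(tag: int, body: bytes) -> bytes:
    """Build a new-format packet with a one-octet length (bodies under 192 bytes)."""
    assert len(body) < 192
    return bytes([0xC0 | tag, len(body)]) + body


# Constructed sample key: stub bodies stand in for real key material and signatures.
SAMPLE_KEY = b"".join([
    _packet(PKT_PUBKEY, b"primary-key-stub"),
    _packet(PKT_UID, b"Alice <Alice@example.org>"),
    _packet(PKT_SIG, b"selfsig-for-alice"),
    _packet(PKT_UID, b"Alice (alias) <alias@example.org>"),
    _packet(PKT_SIG, b"selfsig-for-alias"),
    _packet(PKT_PUBSUBKEY, b"encryption-subkey-stub"),
    _packet(PKT_SIG, b"subkey-binding-sig"),
])

if __name__ == "__main__":
    filtered, kept = strip_foreign_uids(SAMPLE_KEY, "alice@example.org")
    print("kept UIDs:", kept)
    print("publish at:", wkd_direct_url("alice@example.org"))
```

An empty `kept` list means the uploaded key carries no UID for the chosen address, which is the case where the upload should be rejected rather than published; deleting an alias then maps to removing exactly the file at that alias's hashed path.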
Prepared a mockup on how this might be done.
The mockup also changes how one would delete one's key, which currently leads to its own page, and also replaces that with a modal form for uniformity. Personally I feel that when having multiple user identities, opening and closing a modal form feels less clunky than going back and forth to subpages for each identity.
Not sure how you feel about introducing modal forms to userli. Of course uploading could be their own page similar to the current delete PGP-key form.
Aliases are a core feature of Userli. We should support WKD lookup for them as well. We should at least enable uploading multiple keys per user and one key per alias.
To not break pseudonymity, I would encourage or maybe even enforce to not have multiple addresses per key. I think this is considered best practice today. From https://posteo.de/en/help/policies-for-public-keys:
Furthermore, a key should be deleted when deleting the corresponding alias.