Locating Meta-data for the Primary Key
Let's say we want to look up the value of the attribute k
(e.g., Key Flags
) for the primary Key. Right now, we first find the primary User ID. If k
is present in the User ID's binding signature, we return its value. If not, we consider the direct key signature. That is, we:
-
Check the primary User ID's binding signature for
k
, if found, return its value. -
Check the direct key signature for
k
, if found return its value. -
Otherwise, fail.
We should change this to find the primary User Thing, which is either a User ID or a User attribute. That is:
-
Check the primary Thing's binding signature for
k
, if found, return its value. -
Check the direct key signature for
k
, if found return its value. -
Otherwise, fail.
We should not:
-
Check the primary User ID's binding signature for
k
, if found return its value. -
Check the primary User Attribute's binding signature for
k
, if found return its value. -
Check the direct key signature for
k
, if found returns its value. -
Otherwise, fail.
As a consequence, when updating an attribute (e.g., using ComponentAmalgamation::set_expiration_time
) we should update all User Thing binding signatures, not just User IDs binding signatures.
Since I don't think any other openpgp implementation is doing this, no one is using user attributes much, and this doesn't change the library's API, this should not block releasing 1.0.