Hence OX could simply state that recipients must verify the signature. And that only if the PGP message is supposed to originate from within XMPP it the user ID should contain the sender's XMPP address.
Honestly, why does OX care at all about user ID? It already knows what exact key is allowed, so what user id it does or doesn't have doesn't really affect security by much. OMEMO doesn't have user ids at all for example.
signature.asc
Description: PGP signature
_______________________________________________ Standards mailing list -- [email protected] To unsubscribe send an email to [email protected]
