Re: Proposal for new Attribute packet

From hal  Tue Mar 10 14:37:28 1998
Message-Id: <199803102151(_dot_)QAA14162(_at_)users(_dot_)invweb(_dot_)net>
From: "William H. Geiger III" <whgiii(_at_)invweb(_dot_)net>
Date: Tue, 10 Mar 98 15:48:23 -0500

Jack Repenning, <jackr(_at_)informix(_dot_)com>, write:

I'm not sure this addresses the use Hal had in mind.  An implication of
allowing an attribute packet "wherever a userid packet may be" is that it
can be signed by another party.  I imagine the UI he has in mind would
allow this other party to add the attribute, rather than (or, "in
addition to") the key owner doing so.  The end goal is (I think) the
ability to express the meaning of your signature ... "I certify this key
for business purposes, but I wouldn't trust this blighter with the
personal secrets of a snail."


That's not quite the idea, since what you are describing is more
of a qualification on your signature, rather than an attribute of
the keyholder.  The expectation is that typically attributes would be
created by the keyholder, like userids, and then be both self-certified
and also certified by other people.

As an aside, remember that signing a key/userid does not mean that
you are attesting to the trustworthiness of the keyholder.  All you
are vouching for is his identity as described in the userid packet.
So the actual sentiment quoted above is completely consistent with an
ordinary key signature.

William H. Geiger III, <whgiii(_at_)invweb(_dot_)net>, replied:

I'm not sure I like this at all. It is one thing to allow 3rd parties to
attach their verification of the userID of a key. It is quite another
thing to allow then to add any information they wanted to. There are quite
a few nasty and malicious people out there and I for one would not support
letting them have the ability to add extra information of any kind to my
public keys.

The more I think about this the less I like it. Seems to be opening a real
can of worms.


This is one reason the Key Server Preferences subpacket was added.
It is designed to allow the keyholder to tell key servers that he does
or does not want to allow third parties to add things to his key.

Hal

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Proposal for new Attribute packet, (continued) Re: Proposal for new Attribute packet, Lutz Donnerhacke Re: Proposal for new Attribute packet, Lutz Donnerhacke Re: Proposal for new Attribute packet, Bill Stewart Re: Proposal for new Attribute packet, Will Price Re: Proposal for new Attribute packet, William H. Geiger III UserID Revocation, Lutz Donnerhacke Re: UserID Revocation, Christopher Creutzig Re: UserID Revocation, Lutz Donnerhacke Re: UserID Revocation, William H. Geiger III Re: Proposal for new Attribute packet, Andrew Bromage Re: Proposal for new Attribute packet, Hal Finney <= Re: Proposal for new Attribute packet, Hal Finney Re: Proposal for new Attribute packet, William H. Geiger III Re: Proposal for new Attribute packet, Hal Finney