ietf-openpgp

Re: key flags -- what do they mean?

1999-03-08 21:33:15
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In <199903090152.RAA04964@hal.sb.rain.org>, on 03/08/99 at 08:52 PM, hal@rain.org said:

This is the problem that I have with this use of the key flags.  There is
no logical connection between the key signer's hopes for how the key
would be used and the certification of validity which the signer makes.
By trying to make these completely independent and orthogonal concepts
become dependent on each other, the key flags are not consistent with the
other semantics of our key signatures.

Well, I have been doing quite a bit of studying/thought on the use of PGP
in an e-comm environment, and the more I look at it, the more I am convinced
that using the public key as a payload for information is the wrong
approach.

While the WOT is a convenient mechanism for individuals to "certify" a key
and a user's identity, it is a poor mechanism for a CA (this expands past
just the simple identity CAs we see today). At most a CA should sign a
key signifying that they have some data relating to the key in their
database. Any additional information should be retrieved *directly* from the
CA using the public key as a "token" linking the owner of the key to the
records in the database. The problem we have here is trying to attach
dynamic data (data that can change at any time) in a static format
(attached to a public key that the signer may or may not be able to change
when the data changes).

Don't feel bad though; the underlying format is good, this is just an
implementation problem (we are much better off than the X.509 crowd <g>).

- -- 
- ---------------------------------------------------------------
William H. Geiger III  http://www.openpgp.net
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
Talk About PGP on IRC EFNet Channel: #pgp Nick: whgiii
- ---------------------------------------------------------------
 
Tag-O-Matic: Program call to load Windows- "Here_piggy_piggy_piggy"

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i OS/2 for non-commercial use
Comment: Registered_User_E-Secure_v1.1b1_ES000000
Charset: cp850

wj8DBQE25KXclHpjA6A1ypsRAo9kAKCCXm7u/m40V8NG2rUihiMlvSe8aQCgyyjk
5+/1U1X7XTLZm/enk7oRKs0=
=r/yC
-----END PGP SIGNATURE-----
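The thread's point is that key flags live in a certifier's signature, not in the key, so each certifier asserts its own view of how the key may be used. The decoder below is an added illustration, not code from either poster: it parses an OpenPGP signature subpacket area (RFC 2440/4880 section 5.2.3.1) and reports the key flags (subpacket type 27) claimed by each issuer (subpacket type 16). The two subpacket areas and the key IDs in them are constructed sample data.

```python
# Decode OpenPGP signature subpackets and collect key flags per issuer.
# Subpacket = length (1, 2 or 5 octets) + type octet (bit 7 = critical) + body.
ISSUER, KEY_FLAGS = 16, 27
FLAG_NAMES = {0x01: "certify", 0x02: "sign", 0x04: "encrypt-comms",
              0x08: "encrypt-storage", 0x10: "split-key",
              0x20: "authenticate", 0x80: "group-key"}


def parse_subpackets(area):
    """Return [(type, critical, body), ...] for one subpacket area."""
    out, i = [], 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                 # five-octet length
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("malformed subpacket length")
        type_octet = area[i]
        out.append((type_octet & 0x7F, bool(type_octet & 0x80),
                    bytes(area[i + 1:i + length])))
        i += length
    return out


def decode_key_flags(body):
    """Names of the flag bits set in the first octet of a key-flags body."""
    first = body[0] if body else 0
    return [name for bit, name in sorted(FLAG_NAMES.items()) if first & bit]


def key_flags_by_issuer(areas):
    """Map each signature's issuer key ID (hex) to the flags it asserts."""
    result = {}
    for area in areas:
        issuer, flags = None, None
        for ptype, _critical, body in parse_subpackets(area):
            if ptype == ISSUER:
                issuer = body.hex().upper()
            elif ptype == KEY_FLAGS:
                flags = decode_key_flags(body)
        result[issuer] = flags
    return result


# Constructed sample areas: two certifiers of one key asserting different flags.
SIGNER_A = bytes([9, ISSUER]) + bytes.fromhex("0102030405060708") + bytes([2, KEY_FLAGS, 0x03])
SIGNER_B = bytes([9, ISSUER]) + bytes.fromhex("A1A2A3A4A5A6A7A8") + bytes([2, KEY_FLAGS, 0x0C])
```

Running `key_flags_by_issuer([SIGNER_A, SIGNER_B])` shows one certifier claiming certify+sign and the other claiming encrypt-only for the same key; a verifier must decide whose assertion to trust, which is exactly the coupling Hal objects to.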