ietf-openpgp

Re: Series of minor questions about OpenPGP 4

2009-01-30 14:51:23

On Fri, Jan 30, 2009 at 7:37 PM, Daniel Kahn Gillmor
<dkg(_at_)fifthhorseman(_dot_)net> wrote:
> I'd disagree with such a change, if only because it seems to force a
> semantic change on signatures that may already be in existence.  It'd be
> weird if i made a signature that i knew meant "foo", and then came back
> later to find that according to the new RFC, i'd actually stated "bar".
I'm not sure if I understand what you mean.
Currently policy URI subpackets are allowed on any signature, right?
Their meaning is "The policy under which that signature was made",
right?
Ok for signatures on other keys or data I didn't propose a semantical change.

For policy-URIs on self-sigs: What would this mean at the moment: "The
policy under which I signed my own key", right?
Does this make any sense? I mean what could one tell in such a policy?
"I trust myself", "I checked my own identity"?
That was the idea why I suggested that idea, because I think otherwise
it does not make much sense at all.
Or do you know anything I didn't think of? :-)


> And how would you interpret the following situation:
>
>  Key A has a self-sig with policy X
>
>  Key A signs B's key,uid pair and includes a with policy-URI Y.
>
> which policy governs the A's signature on B?  why?
This is actually a problem.
Currently the Policy URI is only meaningful for the signature itself
("The Policy under which the signature was made").
If my suggestions for policy URIs on self-signatures would be
implemented, conflicts could arise, just as you showed in your example
above.
I think it would be actually worse, as one could have different
self-signatures (0x13,0x1F,0x18) that might apply in addition to the
signature on the data itself.

While conflicts are possible they "should" be unlikely in practice as
all these policies are under the control of the key holder (and
hopefully he has set them up without conflicts).
If not one could specify the following:
In case of a conflict:
1) Look at all policies whether they specify how to resolve conflicts.
2) If the actual conflict remains, or if the conflict resolution
processes of the different policies are in conflict, the policies have
priority in the following order:
a) the policy specified in the signature of the signed data
b) the policy on the User ID self-signature, IF the signer's user ID
was specified in the signature on the actual data
c) the policy on the (most recent) 0x1F signature
d) the policy on the 0x18 signature, from the key that was used to
create the signature on the actual data

Of course one would have to discuss which order fits best.


Peter
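
The precedence order a) to d) proposed in the message above, as an added Python sketch; it is not part of the original post. The `Sig` record, key ids and URIs are hypothetical, signatures are assumed to be already verified, taking the most recent signature for 0x13 and 0x18 as well as 0x1F is an assumption, and step 1 (the policies' own conflict rules) is left to a human reader.

```python
from dataclasses import dataclass
from typing import Optional

# RFC 4880 signature types named in the message.
POSITIVE_CERT, DIRECT_KEY, SUBKEY_BINDING = 0x13, 0x1F, 0x18

@dataclass
class Sig:
    """Hypothetical record of an already-verified signature (not a library type)."""
    sig_type: int
    created: int                       # creation time, seconds since epoch
    policy_uri: Optional[str] = None   # Policy URI subpacket, if present
    signers_uid: Optional[str] = None  # Signer's User ID subpacket (data signatures)
    uid: Optional[str] = None          # User ID certified by a 0x13 self-signature
    subkey: Optional[str] = None       # subkey bound by a 0x18 signature

def _newest_policy(sigs):
    """Policy URI of the most recent signature in sigs, or None."""
    newest = max(sigs, key=lambda s: s.created, default=None)
    return newest.policy_uri if newest else None

def governing_policy(data_sig, self_sigs, signing_key):
    """Apply the proposed order a) to d); return (rule, uri) or None."""
    of_type = lambda t: [s for s in self_sigs if s.sig_type == t]
    candidates = [
        # a) the policy on the signature over the signed data
        ("a", data_sig.policy_uri),
        # b) the User ID self-signature, only if the data signature names that User ID
        ("b", _newest_policy([s for s in of_type(POSITIVE_CERT)
                              if data_sig.signers_uid and s.uid == data_sig.signers_uid])),
        # c) the most recent 0x1F signature
        ("c", _newest_policy(of_type(DIRECT_KEY))),
        # d) the 0x18 signature for the key that made the data signature
        ("d", _newest_policy([s for s in of_type(SUBKEY_BINDING)
                              if s.subkey == signing_key])),
    ]
    return next(((rule, uri) for rule, uri in candidates if uri), None)

# Constructed sample: self-signatures of a key with one User ID and one signing subkey.
SELF_SIGS = [
    Sig(POSITIVE_CERT, 100, "https://example.org/uid-policy", uid="Alice <alice@example.org>"),
    Sig(DIRECT_KEY, 100, "https://example.org/old-key-policy"),
    Sig(DIRECT_KEY, 200, "https://example.org/key-policy"),
    Sig(SUBKEY_BINDING, 150, "https://example.org/subkey-policy", subkey="SUBKEY1"),
]
```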