Re: Series of minor questions about OpenPGP 4

2009-01-30 15:15:56
On 01/30/2009 02:38 PM, Peter Thomas wrote:
> For policy-URIs on self-sigs: What would this mean at the moment: "The
> policy under which I signed my own key", right?
> Does this make any sense? I mean what could one tell in such a policy?
> "I trust myself", "I checked my own identity"?
> That was the idea why I suggested that idea, because I think otherwise
> it does not make much sense at all.

I don't have an immediate example (I haven't used policy URIs on
self-sigs or anywhere else).  But simply saying "these two policy-type
statements don't make sense" is different from saying "there could be no
possible policy statement that you would like to reference in a
self-signature."

For example, here's a policy statement: "This identity is found on
official government documents in the legitimate possession of the keyholder"

Say Margaret has two user IDs:

 "Margaret Kantor <margaret@example.com>"
 "Maggie Kantor <maggie@example.net>"

Since her gov't id doesn't have anything with "Maggie Kantor" on it (but
she's known by all of her friends as maggie) she might want to assert
the above policy for the former self-sig but not the latter.

I'm not saying it's a great use case, but it would be really unfortunate
if she had done that and then later found that it meant that all
signatures issued by the Margaret Kantor uid (if she used a Signer's
User ID subpacket, for example) suddenly meant that she had verified
specific gov't-issued ID.

> 1) Look at all policies whether they specify how to resolve conflicts.

This assumes that the policies are machine-parseable in a form that
includes conflict resolution, no?  What form are you proposing?  My
reading of the RFC is that there is no restriction on what can be
contained in the policy URI.

> 2) If the actual conflict remains, or if the conflict resolution
> processes of the different policies are in conflict, the policies have
> priority in the following order:
> a) the policy specified in the signature of the signed data
> b) the policy on the User ID self-signature... IF the signer's user ID
> was specified in the signature on the actual data
> c) the policy on the (most recent) 0x1F signature
> d) the policy on the 0x18 signature, from the key that was used to
> create the signature on the actual data
>
> Of course one would have to discuss which order fits best.

Wow, that sounds like a lot of heavy, fairly arbitrary work and hassle
to hash out the spec, let alone an implementation.

If we're ok with saying something like: "well-implemented clients should
be configured well enough to know to not make any conflicts", why not
just tell the well-implemented clients to embed the policy URI subpacket
in every signature they make, and not introduce this special case at
all?  That seems simpler all around to me, and wouldn't require any
retroactive changes to the specification.

btw, please don't take my opposition to this particular idea as
opposition to you proposing changes to the OpenPGP specification in
general.  It's great to see this sort of discussion.  Thanks for raising it!

        --dkg

Attachment: signature.asc
Description: OpenPGP digital signature
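The following is an added example, not code from the thread or from any OpenPGP implementation. It models the resolution order proposed in the quoted message (data signature, then the self-signature of the User ID named by a Signer's User ID subpacket, then the most recent 0x1F direct-key signature, then the 0x18 binding signature of the signing subkey) over a constructed in-memory key for Margaret, and shows the surprise dkg describes: a data signature that merely names the "Margaret Kantor" User ID inherits the government-ID policy from that self-signature. The policy URIs, key IDs and the `Signature`/`Key` classes are all constructed for illustration; no real packet parsing or key material is involved.

```python
"""Policy URI inheritance across OpenPGP signatures (constructed model).

Added example, not from the original thread. The signature type values
are the RFC 4880 ones; everything else (key IDs, policy URIs, the data
model) is invented for illustration.
"""
from dataclasses import dataclass, field
from typing import Optional

# Signature type values from RFC 4880 section 5.2.1
SIG_BINARY_DOCUMENT = 0x00
SIG_POSITIVE_CERT = 0x13    # User ID self-signature
SIG_SUBKEY_BINDING = 0x18
SIG_DIRECT_KEY = 0x1F

# Constructed policy URIs (placeholders, not real documents)
GOV_ID_POLICY = "https://example.com/policy/gov-id"
CASUAL_POLICY = "https://example.com/policy/casual"
SUBKEY_POLICY = "https://example.com/policy/subkey"

MARGARET_UID = "Margaret Kantor <margaret@example.com>"
MAGGIE_UID = "Maggie Kantor <maggie@example.net>"


@dataclass
class Signature:
    sig_type: int
    issuer_keyid: str                     # constructed key ID string
    policy_uri: Optional[str] = None      # Policy URI subpacket (type 26)
    signer_user_id: Optional[str] = None  # Signer's User ID subpacket (type 28)
    created: int = 0                      # creation time, used for "most recent"


@dataclass
class Key:
    keyid: str
    uid_selfsigs: dict = field(default_factory=dict)        # uid -> 0x13 sig
    direct_key_sigs: list = field(default_factory=list)     # 0x1F sigs
    subkey_binding_sigs: dict = field(default_factory=dict)  # subkey id -> 0x18 sig


def resolve_policy(primary: Key, sig: Signature):
    """Return (policy_uri, source) using the proposed a) to d) priority order."""
    # a) policy carried by the data signature itself
    if sig.policy_uri:
        return sig.policy_uri, "data signature"
    # b) policy on the self-sig of the User ID named by Signer's User ID
    if sig.signer_user_id in primary.uid_selfsigs:
        selfsig = primary.uid_selfsigs[sig.signer_user_id]
        if selfsig.policy_uri:
            return selfsig.policy_uri, "user id self-signature"
    # c) policy on the most recent 0x1F direct-key signature
    direct = [s for s in primary.direct_key_sigs if s.policy_uri]
    if direct:
        return max(direct, key=lambda s: s.created).policy_uri, "direct-key signature"
    # d) policy on the 0x18 binding signature of the signing subkey
    binding = primary.subkey_binding_sigs.get(sig.issuer_keyid)
    if binding and binding.policy_uri:
        return binding.policy_uri, "subkey binding signature"
    return None, "none"


def margaret_example():
    """Build the constructed key from the thread and resolve four data signatures."""
    key = Key(keyid="PRIMARY")
    key.uid_selfsigs[MARGARET_UID] = Signature(SIG_POSITIVE_CERT, "PRIMARY", GOV_ID_POLICY)
    key.uid_selfsigs[MAGGIE_UID] = Signature(SIG_POSITIVE_CERT, "PRIMARY")
    key.subkey_binding_sigs["SUBKEY1"] = Signature(SIG_SUBKEY_BINDING, "PRIMARY", SUBKEY_POLICY)

    # A data signature naming the Margaret UID but carrying no policy of its own
    inherited = Signature(SIG_BINARY_DOCUMENT, "PRIMARY", signer_user_id=MARGARET_UID)
    # The same, but naming the Maggie UID (whose self-sig has no policy)
    maggie = Signature(SIG_BINARY_DOCUMENT, "PRIMARY", signer_user_id=MAGGIE_UID)
    # dkg's alternative: embed the intended policy in every data signature
    explicit = Signature(SIG_BINARY_DOCUMENT, "PRIMARY", CASUAL_POLICY, MARGARET_UID)
    # Issued by a subkey with a policy on its binding signature, no Signer's User ID
    subkey = Signature(SIG_BINARY_DOCUMENT, "SUBKEY1")

    return {
        "inherited": resolve_policy(key, inherited),
        "maggie": resolve_policy(key, maggie),
        "explicit": resolve_policy(key, explicit),
        "subkey": resolve_policy(key, subkey),
    }


if __name__ == "__main__":
    for name, (uri, source) in margaret_example().items():
        print(f"{name:10s} -> {uri!r} (from {source})")
```

The "inherited" case is the one the message warns about: Margaret asserted the government-ID policy only for the self-signature on one User ID, yet any later document signature that names that User ID now resolves to it, even though she never stated a policy for that document. The "explicit" case shows why embedding the Policy URI subpacket directly in each signature needs no inheritance rules at all.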