ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] How to re-launch the OpenPGP WG

2015-03-13 08:42:34
from [Derek Atkins] [Permanent Link] 
Werner Koch <wk(_at_)gnupg(_dot_)org> writes:


On Fri, 13 Mar 2015 04:52, calestyo(_at_)scientia(_dot_)net said:


1) More general things
- The WG should consider whether to just bring OpenPGP up to date... or
  whether to completely overhaul or even re-design it.


The please give the thing another name.  Recall the outcry whn I removed
PGP-2 support from 2.1.


- The basic meshed web of trust must obviously be retained, but apart


OpenPGP does not define the Web of Trust.  There is no standard for it.


This was explicitly out of scope from the former OpenPGP WG.  I think
that was a GOOD THING, and I believe it should remain out of scope.
IMHO we shouldn't define how OpenPGP is used, only what it inputs and
outputs.


  - Since the X.509 PKI infrastructure in the internet is inherently
    broken and since DANE would only partially improve things (one still
    has several CA's above which could be evil), the time may come in
    which at least some security conscious people would want to use TLS
    or similar with a fully meshable PKI as OpenPGP.
    For that we might need similar things as X.509 got eventually,...
    things like SubjectAlternativeNames for IP, DNS, email, etc.


We already have this.  You may either use a plain user ID with signed
attributes to implement this or, better, extend the attribute packet,
which is currently only used for photo ids, but designed for what you
want.  You may already start with this using the 100--110 subpacket
types.


For the record, draft-atkins-openpgp-device-certificates already extends
the Attribute Subpacket with a String ID (similar to the UserID).


Regarding the rest of your mail, I think it is better to postpone a
detailed discussion for now.


Shalom-Salam,

   Werner


-derek
-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord(_at_)MIT(_dot_)EDU                        PGP key available

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [openpgp] How to re-launch the OpenPGP WG, Derek Atkins
Next by Date:  Re: [openpgp] How to re-launch the OpenPGP WG, Werner Koch
Previous by Thread:  Re: [openpgp] How to re-launch the OpenPGP WG, Werner Koch
Next by Thread:  Re: [openpgp] How to re-launch the OpenPGP WG, DataPacRat
Indexes:  [Date] [Thread] [Top] [All Lists]