Werner Koch <wk(_at_)gnupg(_dot_)org> writes:
> On Fri, 13 Mar 2015 04:52, calestyo(_at_)scientia(_dot_)net said:
>
>> 1) More general things
>>
>> - The WG should consider whether to just bring OpenPGP up to date... or
>> whether to completely overhaul or even re-design it.
>
> Then please give the thing another name. Recall the outcry when I removed
> PGP-2 support from 2.1.
>
>> - The basic meshed web of trust must obviously be retained, but apart
>
> OpenPGP does not define the Web of Trust. There is no standard for it.
> This was explicitly out of scope from the former OpenPGP WG. I think
> that was a GOOD THING, and I believe it should remain out of scope.
> IMHO we shouldn't define how OpenPGP is used, only what it inputs and
> outputs.
>
>> - Since the X.509 PKI infrastructure in the internet is inherently
>> broken and since DANE would only partially improve things (one still
>> has several CAs above which could be evil), the time may come in
>> which at least some security conscious people would want to use TLS
>> or similar with a fully meshable PKI as OpenPGP.
>> For that we might need similar things as X.509 got eventually,...
>> things like SubjectAlternativeNames for IP, DNS, email, etc.
>
> We already have this. You may either use a plain user ID with signed
> attributes to implement this or, better, extend the attribute packet,
> which is currently only used for photo ids, but designed for what you
> want. You may already start with this using the 100--110 subpacket
> types.

For the record, draft-atkins-openpgp-device-certificates already extends
the Attribute Subpacket with a String ID (similar to the UserID).

> Regarding the rest of your mail, I think it is better to postpone a
> detailed discussion for now.
>
> Shalom-Salam,
>
> Werner
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord(_at_)MIT(_dot_)EDU PGP key available
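Werner's suggestion above (carry extra names in a User Attribute subpacket from the 100--110 private range) as an added example, not code from this thread, from GnuPG or from draft-atkins-openpgp-device-certificates: it encodes and parses a tag-17 User Attribute packet body per RFC 4880, including the 1/2/5-octet subpacket length forms, and rejects a subpacket whose declared length overruns the packet. Subpacket type 100 and the "dns:" body format are assumptions made for the example.

```python
import struct
IMAGE_SUBPACKET_TYPE = 1            # the only type RFC 4880 defines for tag 17
PRIVATE_SUBPACKET_TYPES = range(100, 111)   # private/experimental range (RFC 4880)
ALT_NAME_TYPE = 100                 # assumption: type 100 chosen for our alt-name

def encode_length(n: int) -> bytes:
    """Subpacket length octets (RFC 4880 5.2.3.1, reused by the tag-17 packet)."""
    if n < 192:
        return bytes([n])
    if n < 16320:
        n -= 192
        return bytes([192 + (n >> 8), n & 0xFF])
    return b"\xff" + struct.pack(">I", n)

def decode_length(buf: bytes, pos: int):
    """Return (length, position after the length octets); ValueError if short."""
    try:
        first = buf[pos]
        if first < 192:
            return first, pos + 1
        if first < 255:
            return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
        return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5
    except (IndexError, struct.error):
        raise ValueError("truncated subpacket length")

def build_subpacket(sptype: int, body: bytes) -> bytes:
    return encode_length(1 + len(body)) + bytes([sptype]) + body  # length covers type octet

def parse_user_attribute_body(buf: bytes):
    """Split a tag-17 packet body into (type, body) pairs, rejecting bad lengths."""
    out, pos = [], 0
    while pos < len(buf):
        length, pos = decode_length(buf, pos)
        if length == 0 or pos + length > len(buf):
            raise ValueError("subpacket length overruns packet")
        out.append((buf[pos], buf[pos + 1:pos + length]))
        pos += length
    return out

def private_attributes(buf: bytes):
    """Keep only private-range subpackets; unknown types are ignored (RFC 4880)."""
    return [(t, b) for t, b in parse_user_attribute_body(buf)
            if t in PRIVATE_SUBPACKET_TYPES]

# Constructed sample: a tag-17 body with a dummy 300-byte image subpacket (exercises
# the two-octet length form) followed by our experimental alt-name subpacket.
SAMPLE_BODY = (build_subpacket(IMAGE_SUBPACKET_TYPE, b"\x00" * 300)
               + build_subpacket(ALT_NAME_TYPE, b"dns:mail.example.org"))
```

Such an attribute only binds to the key once it is covered by a certification self-signature, which this example does not produce; a verifier must still check that signature before trusting the name.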
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp