Re: [openpgp] How to re-launch the OpenPGP WG

2015-03-13 08:42:34
Werner Koch <wk(_at_)gnupg(_dot_)org> writes:

On Fri, 13 Mar 2015 04:52, calestyo(_at_)scientia(_dot_)net said:

1) More general things
- The WG should consider whether to just bring OpenPGP up to date... or
  whether to completely overhaul or even re-design it.

Then please give the thing another name.  Recall the outcry when I removed
PGP-2 support from 2.1.

- The basic meshed web of trust must obviously be retained, but apart

OpenPGP does not define the Web of Trust.  There is no standard for it.

This was explicitly out of scope from the former OpenPGP WG.  I think
that was a GOOD THING, and I believe it should remain out of scope.
IMHO we shouldn't define how OpenPGP is used, only what it inputs and

  - Since the X.509 PKI infrastructure in the internet is inherently
    broken and since DANE would only partially improve things (one still
    has several CA's above which could be evil), the time may come in
    which at least some security conscious people would want to use TLS
    or similar with a fully meshable PKI as OpenPGP.
    For that we might need similar things as X.509 got eventually,...
    things like SubjectAlternativeNames for IP, DNS, email, etc.

We already have this.  You may either use a plain user ID with signed
attributes to implement this or, better, extend the attribute packet,
which is currently only used for photo ids, but designed for what you
want.  You may already start with this using the 100--110 subpacket

For the record, draft-atkins-openpgp-device-certificates already extends
the Attribute Subpacket with a String ID (similar to the UserID).

Regarding the rest of your mail, I think it is better to postpone a
detailed discussion for now.



       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL:    PP-ASEL-IA     N1NWH
       warlord(_at_)MIT(_dot_)EDU                        PGP key available
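
The thread above mentions the attribute packet and its 100--110 subpacket range. As an added example (not code from the thread, GnuPG, or the cited draft), this Python sketch splits a User Attribute packet body into subpackets using the RFC 4880 length encoding and flags the private/experimental types. The sample bytes and the `dns:` payload layout are constructed for illustration.

```python
import struct

IMAGE = 1                   # only subpacket type RFC 4880 defines (5.12.1)
PRIVATE = range(100, 111)   # 100-110: private or experimental use

def read_length(buf, pos):
    """Decode a subpacket length (RFC 4880, 5.2.3.1) -> (length, next_pos)."""
    first = buf[pos]
    need = 1 if first < 192 else 2 if first < 255 else 5
    if pos + need > len(buf):
        raise ValueError("truncated subpacket length")
    if need == 1:
        return first, pos + 1
    if need == 2:
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5

def encode_subpacket(stype, data):
    """Encode one subpacket; the length covers the type octet plus data."""
    n = len(data) + 1
    if n < 192:
        head = bytes([n])
    elif n < 16320:
        head = bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    else:
        head = b"\xff" + struct.pack(">I", n)
    return head + bytes([stype]) + data

def parse_user_attribute(body):
    """Split a User Attribute packet body (tag 17) into (type, kind, data)."""
    out, pos = [], 0
    while pos < len(body):
        length, pos = read_length(body, pos)
        # Reject zero-length and overlong subpackets instead of reading past the end.
        if length < 1 or pos + length > len(body):
            raise ValueError("subpacket length out of bounds")
        stype = body[pos]
        kind = ("image" if stype == IMAGE else
                "private/experimental" if stype in PRIVATE else "unknown")
        out.append((stype, kind, body[pos + 1:pos + length]))
        pos += length
    return out

# Constructed sample: a dummy image subpacket, a type-100 subpacket whose
# payload layout ("dns:...") is invented here, and a long type-105 one.
SAMPLE = (encode_subpacket(1, b"\x00" * 4)
          + encode_subpacket(100, b"dns:host.example")
          + encode_subpacket(105, b"x" * 300))

if __name__ == "__main__":
    for stype, kind, data in parse_user_attribute(SAMPLE):
        print(stype, kind, len(data))
```
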
