ietf-openpgp

[openpgp] Trust models...

2015-04-01 18:27:52
On Wed, Apr 1, 2015 at 4:27 PM, Daniel Kahn Gillmor
<dkg(_at_)fifthhorseman(_dot_)net> wrote:
> On Wed 2015-04-01 14:57:49 -0400, Stephen Farrell wrote:
>
> I think i favor this approach, ideally *without* adding trust model work
> into the mix.
>
> Trying to explicitly declare a standardized trust model would be a
> mistake for the WG.  it's a huge rat hole, and a "one trust model fits
> all" approach is probably illegitimate at some deeper level, since
> different people have different adversaries.

My conclusion exactly. I wrote this up in a draft.

Some problems you want to do TOFU, some you want to have Web of Trust,
others you want hierarchies. Web of Trust would not work well for the
DoD etc. etc.


> If there's any work to be done with trust models, it would be to write a
> document that tries to describe one or more of the more common
> approaches to trust models (e.g. the GnuPG default arrangement, or
> whatever sort of TOFU mechanism that PHB thinks is what everyone
> "actually uses").

http://tools.ietf.org/html/draft-hallambaker-prismproof-trust-01

My point is that we have two separable issues.

1) What key and security policy should Alice use to contact Bob?
2) How does Alice decide she can trust the answer to 1?

OpenPGP, PKIX, SPKI, etc, etc, disagree on answers to 2. Trans makes a
difference, etc. etc. That is the research problem.

We can't and shouldn't standardize the way that we arrive at the
answer but we can agree on the delivery method.


> a) update the fingerprint format (avoid inclusion of creation date, use
>    stronger digest algorithm; i'm dubious about embedding algorithm
>    agility in the fingerprint itself, but explicit version info in the
>    fingerprint might be reasonable so we don't have to keep guessing by
>    fpr structure for future versions)

I certainly don't see a need for 'agility'. But I think we need a
version number so we can change the algorithm infrequently.

If we can define the fingerprint format in a manner that is friendly
to PKIX and OpenPGP then it will make convergence a lot easier.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
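
Added example, not part of the original message or of any draft: it illustrates item (a) by computing the RFC 4880 v4 fingerprint, which hashes the key creation time with SHA-1, next to a versioned SHA-256 fingerprint over the key material only. The versioned layout, FPR_VERSION, the function names and the sample key values are assumptions made up for this illustration.

```python
import hashlib
import struct

RSA = 1            # RFC 4880 public-key algorithm ID for RSA
FPR_VERSION = 1    # hypothetical version octet for the alternative format

# Constructed sample values; a serialization demo, not a usable RSA key.
SAMPLE_N = (1 << 2047) | 0xC0FFEE1
SAMPLE_E = 65537


def mpi(value: int) -> bytes:
    """RFC 4880 MPI: 2-octet bit count, then the big-endian magnitude."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def v4_fingerprint(created: int, algo: int, material: bytes) -> str:
    """RFC 4880 v4: SHA-1 over 0x99, 2-octet length, public-key packet body."""
    body = struct.pack(">BIB", 4, created, algo) + material  # creation time is hashed
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()


def versioned_fingerprint(algo: int, material: bytes) -> str:
    """Assumed layout: version octet, then SHA-256 over algorithm ID and key material."""
    digest = hashlib.sha256(bytes([algo]) + material).digest()
    return (bytes([FPR_VERSION]) + digest).hex().upper()


def parse_versioned(fpr: str) -> bytes:
    """Dispatch on the explicit version octet instead of guessing from length."""
    raw = bytes.fromhex(fpr)
    if not raw or raw[0] != FPR_VERSION:
        raise ValueError("unknown fingerprint version")
    if len(raw) != 1 + hashlib.sha256().digest_size:
        raise ValueError("wrong digest length for version 1")
    return raw[1:]


if __name__ == "__main__":
    material = mpi(SAMPLE_N) + mpi(SAMPLE_E)
    # Same key material, two creation timestamps one second apart.
    print(v4_fingerprint(1427912872, RSA, material))
    print(v4_fingerprint(1427912873, RSA, material))
    print(versioned_fingerprint(RSA, material))
```

The two v4 values differ although the key material is identical, while the versioned form depends only on the algorithm ID and key material and carries its own version octet.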

  • [openpgp] Trust models..., Phillip Hallam-Baker <=