ietf-openpgp

Re: [openpgp] details of 4880bis work

2015-04-16 08:04:24
On Thu, 2015-04-16 at 13:19 +0200, Vincent Breitmoser wrote:
> The solution to this problem should be two keyrings.

You probably mean two keys?

> Different
> encryption settings per user id like this are completely out of scope
> for everyone who isn't familiar with the inner workings of RFC4880.

I don't agree at all.
Actually we should make it finally usable that a person has only one
primary (and certifying/certified) key,... and many subkeys which are
usable for different use cases, which is right now practically
impossible.
And I think once it would be reasonably possible, it makes absolute
sense to have e.g. different key prefs depending on the UID and/or
(role) subkey.

> it is underspecified to a point
> where trying to figure out what another implementation meant by some
> constellation of preferences in user ids or direct key signatures is
> little more than guesswork.

Yes.


> Just like gpg, we use the latest signature.  Is there a reason this
> isn't specified?  While I agree that the trust model should not be
> specified, leaving this kind of thing open just leads to confusion

Yes.
IMO this vagueness may even be a security issue.



Cheers.


_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp