ietf-openpgp

Re: [openpgp] Opening up the debate on PKI / WoT / future of OpenPGP

2015-04-17 16:06:02
On Thu, Apr 16, 2015 at 11:29 AM, Derek Atkins <derek(_at_)ihtfp(_dot_)com> 
wrote:
Ian,

ianG <iang(_at_)iang(_dot_)org> writes:

Context:  I'm not saying I want to open up the debate.  My context is
that I'm already doing it.  In effect <advert> I abandoned OpenPGP 2
years back so that I could build my own PKI to suit my requirements
today </advert>.  To add further flesh to that, PHB is doing
the same.  Jon will also have something to say on this, and others...

In short, the reality is that PKIs are evolving around us, so the
question is not whether to do it, it's already happening.

The question is whether to bring it back in house?

I'm not sure why you need to abandon OpenPGP to do this.  Me, I'm
building a PKI *using* OpenPGP.  It's actually working quite well,
although I wish there were more standard ways to do the things I
need/want to do.  But there's definitely enough flexibility in 4880 to
do everything I want/need.

Perhaps what we need is (as already suggested by Jon) a document or set
of documents that define how to do different types of PKI using OpenPGP
data structures.

I think that Stephen's proposal to use the right key for this is the
right approach.

What I want to do at this point is play. I want to strip the system
down and look at every part and decide what an ideal system might look
like and then look at how that maps to the legacy resources, including
OpenPGP and PKIX.
Looking forward, I want to eventually get to one PKI which combines
Web of Trust and Hierarchical concepts. I think I can demonstrate
mathematically that it is possible to achieve a higher work factor
that way than with either approach on its own. There are use cases
that I cannot satisfy with one or the other.

There are some features of a new PKI that I think are fairly obvious.
It is clear for example that the energy will come from the OpenPGP
world. It is also clear that ASN.1 is as popular as a dose of ebola
and there must be no new ASN.1.

But if we do have to do a lot of new stuff, I want to go to JSON
rather than mucking about trying to extend the 1990s style
structures.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp