
Re: [openpgp] details of 4880bis work

2015-04-20 11:35:18
On 16/04/2015 11:04 pm, Christoph Anton Mitterer wrote:
> On Thu, 2015-04-16 at 13:19 +0200, Vincent Breitmoser wrote:
> > The solution to this problem should be two keyrings.
> You probably mean two keys?
>
> > Different encryption settings per user id like this are completely
> > out of scope for everyone who isn't familiar with the inner workings
> > of RFC4880.
> I don't agree at all.
> Actually we should make it finally usable that a person has only one
> primary (and certifying/certified) key,... and many subkeys which are
> usable for different use cases, which is right now practically
> impossible.

Hmm ... if you think I'm taking the master/cert key for any of my
personal keys and leaving it on hardware controlled by an employer
then you'll be waiting a long time.

> And I think once it would be reasonably possible, it makes absolute
> sense to have e.g. different key prefs depending on the UID and/or
> (role) subkey.

This bit is true and certainly the functionality of the first part
would be useful, but you can be sure that some people will still
separate keys to some extent.  Although in my case, the first thing I
always did with creating a new work key was to make sure I'd exported
the secret key and took a copy home.

It's not that I didn't trust a company and thought it might screw me
over one day, it's just that ... oh, wait, that was exactly it.

> > Just like gpg, we use the latest signature.  Is there a reason this
> > isn't specified?  While I agree that the trust model should not be
> > specified, leaving this kind of thing open just leads to confusion.
> Yes.
> IMO this vagueness may even be a security issue.

Yeah, my previous email responding to Ian deals with some of this.
There's still a separation of tech and policy or intent, but there are
identifiable functions which should be supported in order to provide
end users what they need to utilise a trust system and a security
policy effectively.


Regards,
Ben
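Added example, not part of the thread or of any project discussed in it: a small Python model of the two mechanics the message turns on. RFC 4880 stores algorithm preferences in the self-signature on each user ID and recommends giving priority to the most recent self-signature when several exist (section 5.2.3.3), and subkeys advertise their role through the key-flags subpacket (section 5.2.3.21). The code resolves the effective preferences per user ID by that "latest wins" rule and picks the newest usable subkey for a given role, skipping bindings that are revoked, expired or dated in the future. All key IDs, dates and preference lists are constructed for the illustration; the `SelfSig` and `Subkey` classes and the helper names are assumptions of this example, not an OpenPGP library API.

```python
"""Resolve per-user-ID preferences and per-role subkeys the way RFC 4880
recommends: prefer the most recent usable self-signature.
Constructed illustration; no real key material is involved."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Key-flag bits from RFC 4880 section 5.2.3.21
FLAG_CERTIFY = 0x01
FLAG_SIGN = 0x02
FLAG_ENCRYPT_COMMS = 0x04
FLAG_ENCRYPT_STORAGE = 0x08
FLAG_AUTH = 0x20


@dataclass(frozen=True)
class SelfSig:
    """The subset of self-signature subpackets this example needs (assumed model)."""
    created: datetime
    revoked: bool = False                  # a matching revocation signature exists
    key_expiry: Optional[timedelta] = None  # key expiration time subpacket; None = never
    pref_sym: tuple = ()                   # preferred symmetric algorithms, best first


@dataclass(frozen=True)
class Subkey:
    keyid: str
    created: datetime
    flags: int          # key-flags subpacket of the binding signature
    binding: SelfSig    # the subkey binding signature


def newest_valid(sigs, now):
    """Most recent usable self-signature, or None.

    A revoked signature or one whose creation time lies in the future is
    never chosen; among the rest the latest creation time wins.
    """
    usable = [s for s in sigs if not s.revoked and s.created <= now]
    return max(usable, key=lambda s: s.created, default=None)


def prefs_for_uid(uid_sigs, now):
    """Symmetric-algorithm preferences taken from the winning self-signature."""
    sig = newest_valid(uid_sigs, now)
    return sig.pref_sym if sig else ()


def pick_subkey(subkeys, want_flag, now):
    """Newest subkey that carries want_flag and whose binding is still usable."""
    def usable(k):
        b = k.binding
        if b.revoked or b.created > now or not (k.flags & want_flag):
            return False
        if b.key_expiry is not None and k.created + b.key_expiry <= now:
            return False
        return True
    return max((k for k in subkeys if usable(k)),
               key=lambda k: k.created, default=None)


# ---- constructed sample data -------------------------------------------
NOW = datetime(2015, 4, 20, tzinfo=timezone.utc)


def T(days):
    """Day offset from 2015-01-01 UTC (constructed timeline)."""
    return datetime(2015, 1, 1, tzinfo=timezone.utc) + timedelta(days=days)


# One primary key, two user IDs, each with its own self-signature history.
# Algorithm IDs follow RFC 4880 section 9.2: 2 = 3DES, 7/8/9 = AES-128/192/256.
UIDS = {
    "personal": [
        SelfSig(created=T(0), pref_sym=(9, 8, 7)),   # older: AES-256, AES-192, AES-128
        SelfSig(created=T(60), pref_sym=(9,)),       # newer: AES-256 only -> wins
    ],
    "work": [
        SelfSig(created=T(10), pref_sym=(7, 2)),     # current: AES-128, 3DES
        SelfSig(created=T(200), pref_sym=(9,)),      # dated in the future -> ignored
    ],
}

# Role subkeys under the same primary key (constructed key IDs).
SUBKEYS = [
    Subkey("0xAAAA0001", T(0), FLAG_ENCRYPT_COMMS | FLAG_ENCRYPT_STORAGE,
           SelfSig(T(0), key_expiry=timedelta(days=30))),   # expired on T(30)
    Subkey("0xAAAA0002", T(30), FLAG_ENCRYPT_COMMS | FLAG_ENCRYPT_STORAGE,
           SelfSig(T(30))),                                 # current encryption subkey
    Subkey("0xAAAA0003", T(5), FLAG_SIGN, SelfSig(T(5))),   # current signing subkey
    Subkey("0xAAAA0004", T(40), FLAG_SIGN, SelfSig(T(40), revoked=True)),  # revoked
    Subkey("0xAAAA0005", T(20), FLAG_AUTH, SelfSig(T(20))),  # authentication subkey
]


def resolve_all(now=NOW):
    """Effective view of the constructed key at `now`."""
    enc = pick_subkey(SUBKEYS, FLAG_ENCRYPT_COMMS, now)
    sig = pick_subkey(SUBKEYS, FLAG_SIGN, now)
    auth = pick_subkey(SUBKEYS, FLAG_AUTH, now)
    return {
        "prefs": {uid: prefs_for_uid(sigs, now) for uid, sigs in UIDS.items()},
        "encrypt": enc.keyid if enc else None,
        "sign": sig.keyid if sig else None,
        "auth": auth.keyid if auth else None,
    }


if __name__ == "__main__":
    print(resolve_all())
```

The point the model makes about the "use the latest signature" question: once two self-signatures on the same user ID carry different preferences, an implementation that picks the older one silently negotiates with the weaker list, which is why leaving the resolution rule unspecified is more than a usability gap. The same selector also shows how a single primary key can carry separate encryption, signing and authentication subkeys with independent expiry and revocation, which is the subkey-per-role layout discussed above.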



_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp