ietf-openpgp

Re: [openpgp] Key Validity Scenarios

2015-05-07 09:53:50
On Thu, May 7, 2015 at 8:21 AM, ianG <iang(_at_)iang(_dot_)org> wrote:
> You're talking about the status of signatures for the purpose of human
> signing, not keys nor digsigs.
>
> Such things as human signing digsigs can only be assumed / used within some
> form of context.  Such a context could be a CPS or a contractual agreement
> (eg rules of keysigning party) or a cooperative (eg CAcert) or a law (eg
> Estonia & EU Directive).  Without such an approach, the notion of human
> signing lacks foundation.  With such an approach, it is up to the approach
> to decide what the status of signatures for human signing is.
>
> In other words, it is out of scope of OpenPGP as it is currently
> constructed.

It is out of scope. But we don't really understand what that scope is right now.

My vision for IETF next generation public key apparatus is that we
should arrive at a next generation system round about 2020 that offers
a superset of the capabilities of PKIX, OpenPGP and SAML.

I don't expect that to be a single consistent infrastructure. In fact,
I think it is going to look very much like electrical plugs do today
with different countries having different shaped plugs, different
voltages and different frequencies. And that is going to have long
term consequences for applications in that I think we are going to
have to accept that the equivalent of 'switching power supplies' is
going to be required.

If you want to use an infrastructure for using digital signatures on
transaction documents then you should look at the SAML assertion
infrastructure. That is what the assertion layer was designed to do.

At this point I do not want to redo SAML-lite in OpenPGP. Nor do I
want to invest further effort in XML or ASN.1. While they are both
capable of supporting the necessary features, they are clearly not
capable of achieving an industry-wide consensus.

So right now what I would like us to focus on is developing a well
defined specification for an OpenPGP 'wall socket' that people can
plug an email messaging application into.

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
