ietf-openpgp

Re: [openpgp] The DANE draft

2015-07-26 03:21:22
On Sat, 25 Jul 2015, Phillip Hallam-Baker wrote:

> On Sat, Jul 25, 2015 at 8:56 AM, Paul Wouters <paul(_at_)nohats(_dot_)ca> wrote:
>
>> Answering phb and dkg:

[note I stated my answer was to both you and dkg, and I used traditional
 ">" and ">>" which your email client seems to have eaten, so it is
 unfortunate if that causes further confusion to a lot of people's email
 client when reading this response]

>> That's not how I see it. It is surely a discovery and distribution
>> system for keys. But it is not a policy publication mechanism.  The
>> draft (carefully) does not tell you what you can or cannot do with the
>> key. Some people tried to propose this (mostly for smime) by having
>> different prefixes for _encrypt or _sign, but this was not adopted.

> Again, you don't seem to understand the spec. 'MUST USE TLS' is one of the
> purported benefits.

Which specification are you referring to? The OPENPGPKEY specification
does not say "MUST USE TLS".

> Key pinning to a specific key is another.

I assume you mean "key pinning to a specific user"? If so, the OpenPGP
RFC already binds the public key and the various key IDs. Any such
existing pinning is in the OpenPGP RFC. This draft does not modify
OpenPGP in any way whatsoever. It only provides a discovery mechanism
to find an openpgp key based on an email address.

> Those are security policy.

Whether or not they are, they are not specified in this draft.

> I think those should be taken out of DANE but that hasn't happened yet as far
> as I am aware.

I don't even understand what you mean with "DANE" in this context. This
draft has nothing to do with the TLSA record which _does_ do further
security policy specification using Selectors and Usage types. This
draft specifically does not use Selectors or Usage types and leaves
all the openpgp key policies to the OpenPGP RFC options.

Paul

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
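Added illustration, not part of the thread and not code from the OPENPGPKEY draft or any implementation: it shows the difference Paul is pointing at, namely that a TLSA record carries usage/selector/matching-type policy fields in front of its data while an OPENPGPKEY record carries nothing but the key, so any usage policy has to come from the OpenPGP packets themselves. The owner-name derivation follows the published RFC 7929 form (SHA2-256 of the UTF-8 local-part truncated to 28 octets, hex-encoded, under _openpgpkey.<domain>); that it matches the July 2015 draft text is an assumption. All record contents below are constructed placeholder data, not real keys.

```python
"""Added example (not from the mailing-list thread): TLSA vs OPENPGPKEY.

Assumptions (labelled): owner-name construction per RFC 7929, the
published successor of the draft under discussion; local-part is hashed
as given, without case folding.  Sample rdata below is constructed.
"""
import base64
import hashlib
from dataclasses import dataclass


def openpgpkey_owner_name(email: str) -> str:
    """DNS owner name at which an OPENPGPKEY record for `email` is looked
    up: hex(SHA2-256(local-part)[:28]) + "._openpgpkey." + domain.
    Only the local-part is hashed; this is pure discovery, no policy."""
    local_part, _, domain = email.rpartition("@")
    if not local_part or not domain:
        raise ValueError("expected local-part@domain")
    digest = hashlib.sha256(local_part.encode("utf-8")).digest()[:28]
    return f"{digest.hex()}._openpgpkey.{domain}"


@dataclass(frozen=True)
class TlsaRecord:
    usage: int          # certificate usage, e.g. 3 = DANE-EE
    selector: int       # 0 = full certificate, 1 = SubjectPublicKeyInfo
    matching_type: int  # 0 = exact, 1 = SHA-256, 2 = SHA-512
    data: bytes


def parse_tlsa(presentation: str) -> TlsaRecord:
    """Parse TLSA presentation format: 'usage selector matching hexdata'.
    The three leading fields are policy: they tell the client how to use
    the data.  OPENPGPKEY has no equivalent fields."""
    fields = presentation.split()
    if len(fields) < 4:
        raise ValueError("TLSA needs usage, selector, matching type and data")
    usage, selector, matching = (int(f) for f in fields[:3])
    for name, value in (("usage", usage), ("selector", selector),
                        ("matching type", matching)):
        if not 0 <= value <= 255:
            raise ValueError(f"{name} out of range: {value}")
    data = bytes.fromhex("".join(fields[3:]))
    return TlsaRecord(usage, selector, matching, data)


def parse_openpgpkey(presentation: str) -> bytes:
    """Parse OPENPGPKEY presentation format: base64 of the Transferable
    Public Key and nothing else.  Whether the key may sign or encrypt,
    when it expires, and which user IDs it binds all live inside the
    OpenPGP packets, not in the DNS record."""
    return base64.b64decode("".join(presentation.split()), validate=True)


def looks_like_public_key_packet(data: bytes) -> bool:
    """True if the first octet is an OpenPGP packet header with tag 6
    (Public-Key Packet), in either old (bit 6 clear) or new format."""
    if not data or not data[0] & 0x80:
        return False
    tag = data[0] & 0x3F if data[0] & 0x40 else (data[0] >> 2) & 0x0F
    return tag == 6


# Constructed sample rdata (placeholders, not real keys or certificates).
# Old-format packet header 0x99 (tag 6, 2-octet length), length 4, then a
# fake body; only the header byte is meaningful for this example.
SAMPLE_OPENPGPKEY_RDATA = base64.b64encode(
    bytes([0x99, 0x00, 0x04, 0x04, 0x55, 0xAA, 0xFF])).decode("ascii")
SAMPLE_TLSA_RDATA = "3 1 1 " + "ab" * 32   # DANE-EE, SPKI, SHA-256 (fake hash)


if __name__ == "__main__":
    print(openpgpkey_owner_name("hugh@example.com"))
    tlsa = parse_tlsa(SAMPLE_TLSA_RDATA)
    print(f"TLSA policy fields: usage={tlsa.usage} selector={tlsa.selector} "
          f"matching={tlsa.matching_type}")
    key = parse_openpgpkey(SAMPLE_OPENPGPKEY_RDATA)
    print("OPENPGPKEY policy fields: none; tag-6 packet:",
          looks_like_public_key_packet(key))
```

The practical consequence for a client: after resolving the OPENPGPKEY name (with DNSSEC validation, which is what makes the discovery trustworthy), everything about how the key may be used still has to be read from the key's own self-signatures and key flags, exactly as for a key fetched from any other source.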
