ietf-openpgp

Re: [openpgp] Overhauling User IDs / Standardizing User Attributes

2018-06-27 08:56:42
The problem I see with all of these suggestions is that there is no way to
actually "verify" the data that someone puts into these fields without some
sort of standardized and trusted verification service, which is way out of
scope for the OpenPGP spec. Also, adding many more user attributes *will*
complicate UIs beyond gnupg and enigmail. Consider mobile applications such
as ipgmail [mine] and others where screen real estate is at a premium and
users don't want to type lots of info into complex forms that are not well
understood by the average user.  The whole "web of trust" is not really
codified or enforced in a formal way; it's pretty much up to individuals to
decide on the trust level they want to assign to a key (or userids
associated with the key); many users ignore it entirely and happily use the
key and assume the UID is correct.  Why would this be any better?

I'm not convinced that the proposal to break up the UID into lots of
separate attributes is enhancing the security or usability for the general
PGP user community, though I can see it having value in some specialized
cases and perhaps it could be a foundation for building a better
trust/verification system.

-Wyllys Ingersoll





On Wed, Jun 27, 2018 at 8:06 AM Wiktor Kwapisiewicz <wiktor=
40metacode(_dot_)biz(_at_)dmarc(_dot_)ietf(_dot_)org> wrote:

Hi Leo,

But I'm not in favor of other attributes:
   - "role" (e.g. "Qubes OS developer"), who would verify that? Probably
only some kind of master Qubes key should sign it but then how do we
know if this is a correct master Qubes key? Wouldn't e-mail in form of
user(_at_)developers(_dot_)qubes(_dot_)com better express that? (for the
record I also don't like "project X signing key" comments but that's
another story),
   - "pseudonym", also not clear what are the rules of signing this ID,

Well, I don't really like them either, but that'd be a way for people to
have a place to put the information they currently appear to want to put
in their User ID fields. The aim of these fields is mostly to avoid
misuse of other fields.

I think the root of the problem is that people either input something
because there is a Comment field, or they think they need to input
something there (e.g. "Work").

In the first case it's slowly getting better as tools such as gpg have
sensible defaults now (for example, they don't ask for comment when
creating keys).

In the second case a good solution would just be educating people (for
example making them familiar with this timeless piece:
https://dkg.fifthhorseman.net/blog/openpgp-user-id-comments-considered-harmful.html).

I'd think the concept of saying “a key is valid” is likely a problem
anyway, as a key is always valid, and the only thing that can be checked
is the validity of the association between a User ID and a key (for the
WoT, there is no need to have a key “valid” for trusting it, so I guess
the change shouldn't generate any issue).

By "valid" I meant the strict technical term used by gpg (see e.g. this
excellent resource:
https://www.linux.com/learn/pgp-web-trust-core-concepts-behind-trusted-communication).

So this would require quite some changes especially around the user
interface, that couldn't just display a valid User ID as “key handle” as
is currently done by at least GnuPG and Enigmail, but would also have to
reconstruct something intelligent to display based on the set of
validated User Attributes.

Exactly. And this kind of modification that requires changing all tools
along the path, for a standard so widely used as OpenPGP can be hard to
pull off.

Kind regards,
Wiktor

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
