ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] Overhauling User IDs / Standardizing User Attributes (was: Re: Scoped trust (signatures))

2018-07-02 00:44:08
from [Wiktor Kwapisiewicz] [Permanent Link] 
 From what I've seen Keybase is not interested in purely OpenPGP solution - 
they want to keep the data on their site [0].


So it’s not worthwhile solving this problem? Or are you saying that because 
they are doing it no one else should do it in a standard way?
I'm saying Keybase - as a company - will not do it in a standard way, that's all, no hidden meaning there. 


I think it’s really cool that Keybase lets you authenticate these other 
networking points. And it sounds like this is at least part of the problem.
Yeah, I like it too. But you know what's really cool? That there already *is* an I-D for that but using OpenPGP: 
https://tools.ietf.org/html/draft-vb-openpgp-linked-ids-01
I highly recommend reading that, it's already implemented and working in OpenKeychain. It uses User Attributes. 

Actually I asked for it to get the proper User Attribute ID assigned:

https://www.ietf.org/mail-archive/web/openpgp/current/msg08913.html

It did not happen.


I didn't agree with him back then, but after longer thought I changed my opinion - user 
attributes do not have any fallback mechanism - either most software supports that custom 
special attribute or it's practically impossible to work with them (yes, they are 
supported, but displayed as an opaque string [4]). And I say this as a person that added 
this packet "by hand" and use it on my key.


I don’t agree with him now. This is *precisely* the sort of thing that User 
Attributes were created to solve.
Maybe that's just me but what's the difference between User Attribute that has value "https://github.com/wiktor-k"; and a User ID that has value "https://github.com/wiktor-k";? I see only one - you can read the User ID just fine using existing frontends and UAT will be "opaque". User Attribute will have ID, right. 


Sure, but it means that you are using a generic text field in ways that are 
hard to parse. Why not define it?
I'm not opposed to defining it (actually I'd very much welcome that!). But the difference between User ID that has URI format and User Attribute that has URI format does not affect the difficulty of parsing (you still need to handle broken data in both cases). 

Kind regards,
Wiktor

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [openpgp] AEAD mode unverified chunks, Peter Gutmann
Next by Date:  Re: [openpgp] Test message, sorry for the noise, Daniel Kahn Gillmor
Previous by Thread:  Re: [openpgp] Overhauling User IDs / Standardizing User Attributes (was: Re: Scoped trust (signatures)), Bill Frantz
Next by Thread:  Re: [openpgp] Test message, sorry for the noise, Daniel Kahn Gillmor
Indexes:  [Date] [Thread] [Top] [All Lists]