ietf-openpgp

Re: [openpgp] Modelling an abuse-resistant OpenPGP keyserver

2019-04-16 14:56:39
Daniel Kahn Gillmor:
I've only seen a few merge requests, and none of them from "ilf"

Sorry, my GitLab skills are weak. I created patches but forgot to create merge requests. They are now submitted, but unfortunately against the now-outdated version. I assume that some are fixed, but most should still work to merge easily.

I wonder about the definition of "certificate discovery" here. Even without UIDs, these keystores could be used for the *retrieval* of specific certificates whose fingerprint (or key ID) is known. This can be the case for signatures (over mails, software or documents) or keylists like in https://tools.ietf.org/html/draft-mccain-keylist
I agree, but this distinction is what the document already tries to make between certificate *discovery* (lookup by UID or UID substring) and certificate *update* (lookup by primary key fingerprint).

The "Terminology" section says:

"Certificate discovery" is the process whereby a user retrieves an OpenPGP certificate based on user ID

"Certificate update" is the process whereby a user fetches new information about a certificate

IMHO:

"Certificate discovery" is the process whereby a user retrieves an OpenPGP certificate based on the fingerprint (or key ID)

With this definition, every "update" is a "retrieval", but not every "retrieval" is an "update". I'm not sure how helpful yet another term would be, maybe we could leave it out for simplicity, but I for one stumbled across that section.

--
ilf

If you upload your address book to "the cloud", I don't want to be in it.


_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp