Hi Wiktor,
Thanks for submitting the proposal. For the record, I'm against it.
On Wed, 30 Sep 2020 11:20:08 +0200,
Wiktor Kwapisiewicz wrote:
> I'd like to request registration of notation in the IETF namespace (non
> suffixed) as a sub-section of 5.2.3.17. Notation Data [0]:
> -----------------------------
> The 'proof' notation
> The proof notation contains a resource identifier that can be verified
> as being associated with the OpenPGP key. The identifier SHOULD be in
> URI format. This is intended in particular to associate user accounts on
> the web. The specifications on how the verification should be performed
> are beyond the scope of this document.
For those following along at home: Vincent explored this idea of
social proofs for OpenPGP (he called them linked identities) in his
master's thesis. He submitted two I-Ds describing how to add them to
OpenPGP using User Attributes:
https://datatracker.ietf.org/doc/html/draft-vb-openpgp-linked-ids-01
https://datatracker.ietf.org/doc/html/draft-vb-openpgp-uri-attribute-01
Some discussion can be found here:
http://moderncrypto.org/mail-archive/messaging/2015/001348.html
Without getting into the details, I think Vincent's proposal is good,
and should be the preferred way forward assuming we want this feature.
And, I think this feature is desirable.
> This notation in a user space variant (proof@metacode.biz) is already in
> use by several services, the biggest of which is https://keyoxide.org/
> (developed by Yarmo Mackenbach) and partially documented in
> https://metacode.biz/openpgp/proofs
For the record, Hagrid also supports them, e.g.:
https://keys.openpgp.org/wiktor@metacode.biz
The use of the proof notation is a nice hack given the state of the
ecosystem. In particular, AFAIK, no OpenPGP implementation outside of
Open Keychain supports adding social proofs / linked identities to an
OpenPGP Certificate, but most do support adding notations even if that
support is a bit clumsy, cf. the "Adding proofs" section in:
https://metacode.biz/openpgp/proofs
But, that doesn't mean that this hack should be standardized
particularly given that it is using existing OpenPGP mechanisms
(notations) exactly as intended.
There are several reasons why I prefer the User Attribute approach:
- Since the notations are attached to a User ID self signature, it
is not possible for a third party to certify a linked identity in
the usual manner. For instance, I think it would be useful to
create a User Attribute for a social media handle or some service,
and then have someone certify that identity. We could embed a URI
in a User ID packet (e.g., twitter://@nwalfield,
ssh://walfield.org), but this further complicates parsing User ID
packets, which means that OpenPGP applications are less likely to
make use of this information.
- Notations change the semantics of certification. When Alice
certifies that "Bob <bob@example.org>" controls the Certificate
0xBBBB, is she also certifying Bob's linked identities? The
notations are stored on the User ID's self signature and not on
the User ID packet, but...
- Traditionally, OpenPGP has had one identity per artifact. This is
nice, because it means that it is possible to only publish
relevant information. For instance, the WKD specification says:
The mail provider MUST make sure to publish a key in a way
that only the mail address belonging to the requested user is
part of the User ID packets included in the returned key.
Other User ID packets and their associated binding signatures
MUST be removed before publication.
https://datatracker.ietf.org/doc/html/draft-koch-openpgp-webkey-service-10#section-5
Similarly, Hagrid (the software behind https://keys.openpgp.org)
only returns User IDs and their self signatures for which the
email has been confirmed. Using notations, it is not possible to
separately confirm the linked identities, and Hagrid must either
publish a User ID with all of the linked identities, publish the
User ID without a self signature, or not publish the User ID at
all. All of those options are unsatisfying.
:) Neal
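Neal's point that the notations sit on the User ID's self signature, not on the User ID packet, is easy to see by walking the packets directly. The following is an added example, not code from this thread or from any of the projects mentioned in it; it hand-constructs a minimal packet sequence (a dummy public-key algorithm, hash algorithm and MPI, so no signature is verified) and pulls the 'proof' notations out of the hashed subpacket area of each User ID's self-signature. The notation name, the User IDs and the proof URIs are made up for the example.

```python
"""Extract 'proof' notation data (RFC 4880 5.2.3.16) from OpenPGP v4
certification signatures. Added example; the certificate bytes below are
constructed by hand and carry no real key or signature."""
import struct

NOTATION_DATA = 20   # signature subpacket type
USER_ID = 13         # packet tag
SIGNATURE = 2        # packet tag
PROOF_NAMES = ("proof", "proof@metacode.biz")  # unsuffixed and user-space variants


def read_packets(data):
    """Yield (tag, body) for each packet; old- and new-format headers,
    no partial body lengths."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("bad packet header at offset %d" % i)
        if hdr & 0x40:                                  # new format
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = struct.unpack(">I", data[i + 2:i + 6])[0], i + 6
            else:
                raise ValueError("partial body lengths not supported")
        else:                                           # old format
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 0:
                length, i = data[i + 1], i + 2
            elif ltype == 1:
                length, i = struct.unpack(">H", data[i + 1:i + 3])[0], i + 3
            elif ltype == 2:
                length, i = struct.unpack(">I", data[i + 1:i + 5])[0], i + 5
            else:
                raise ValueError("indeterminate length not supported")
        yield tag, data[i:i + length]
        i += length


def read_subpackets(area):
    """Yield (type, body) for each signature subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:
            length, i = first, i + 1
        elif first < 255:
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        yield area[i], area[i + 1:i + length]          # length covers the type octet
        i += length


def notations_from_signature(sig):
    """Return [(name, value)] for notations in the HASHED area of a v4 signature.
    The unhashed area is deliberately ignored: anyone can append data there
    without invalidating the signature, so it carries no signer assertion."""
    if sig[0] != 4:
        raise ValueError("only v4 signatures handled")
    hashed_len = struct.unpack(">H", sig[4:6])[0]
    out = []
    for sp_type, body in read_subpackets(sig[6:6 + hashed_len]):
        if sp_type == NOTATION_DATA:
            name_len, value_len = struct.unpack(">HH", body[4:8])   # after 4 flag bytes
            name = body[8:8 + name_len].decode()
            value = body[8 + name_len:8 + name_len + value_len].decode()
            out.append((name, value))
    return out


def proofs_by_user_id(cert):
    """Map each User ID string to the proof URIs on the signatures that follow it."""
    result, current = {}, None
    for tag, body in read_packets(cert):
        if tag == USER_ID:
            current = body.decode()
            result.setdefault(current, [])
        elif tag == SIGNATURE and current is not None:
            result[current] += [v for n, v in notations_from_signature(body) if n in PROOF_NAMES]
    return result


# --- constructed sample certificate (no real crypto) ---------------------------
def _subpacket(sp_type, body):
    return bytes([len(body) + 1, sp_type]) + body          # 1-byte length form

def _notation(name, value):
    return _subpacket(NOTATION_DATA, b"\x80\x00\x00\x00"  # human-readable flag
                      + struct.pack(">HH", len(name), len(value)) + name + value)

def _packet(tag, body):
    return bytes([0xC0 | tag, len(body)]) + body           # new-format, 1-byte length

def _sig(hashed, unhashed=b""):
    # v4, type 0x13 (positive cert), alg 1 (RSA), hash 8 (SHA-256), dummy hash prefix + MPI
    return (b"\x04\x13\x01\x08" + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed + b"\xab\xcd" + b"\x00\x08\xaa")

_CREATED = _subpacket(2, b"\x5f\x74\x00\x00")              # signature creation time
SIG_WITH_PROOFS = _sig(_CREATED + _notation(b"proof", b"https://example.org/alice")
                       + _notation(b"proof", b"dns:example.org?type=TXT"))
SIG_FORGED_UNHASHED = _sig(_CREATED, _notation(b"proof", b"https://attacker.example/x"))
SAMPLE_CERT = (_packet(USER_ID, b"Alice <alice@example.org>") + _packet(SIGNATURE, SIG_WITH_PROOFS)
               + _packet(USER_ID, b"Alice (work) <alice@example.com>") + _packet(SIGNATURE, SIG_FORGED_UNHASHED))
```

Usage: `proofs_by_user_id(SAMPLE_CERT)` returns the two proofs for the first User ID and an empty list for the second, because the second signature carries its notation only in the unhashed area. Note what the parser cannot do: it cannot drop one proof while keeping the User ID's self-signature valid, since the notations are inside the hashed area, which is exactly the publication problem Neal describes for WKD and Hagrid.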
_______________________________________________
openpgp mailing list
openpgp@ietf.org
https://www.ietf.org/mailman/listinfo/openpgp