ietf-openpgp

Re: [openpgp] Registration of the 'proof' notation

2020-09-30 08:23:36
On Wed, 30 Sep 2020 15:04:34 +0200,
Wiktor Kwapisiewicz wrote:
> Actually Vincent's draft was already discussed on the list in 2017
> including the design decision of using User Attributes and I have to
> agree with Werner's quote from back then:
>
> > (...)  We have notation data which can be
> > used to add meta data to a user id.
> >
> > Hiding things which might act as identities in UAT does not feel right.
> > We better keep UAT for what they are used today - for the more or less
> > useless photo-ids
>
> Source:
> https://mailarchive.ietf.org/arch/msg/openpgp/zgGQW8qPtJ94tkEVDpDJNsAdkxE/

Thanks for pointing to that discussion.

Vincent also defends his design there and I find his arguments
convincing.  In particular, we should try and make the parsers
simpler by using UAs to mark items as exactly what they are.

> Yes, you can't certify notations but why would you want to certify my
> Twitter handle? It's not up to you to decide if it's valid. The proof is
> designed to be checked against the actual service (Twitter in this case).

Would you also argue that it is not up to me to decide if an email is
valid for a given key, but up to the email server?  I wouldn't and I
don't see the fundamental difference.

> > When Alice certifies that "Bob <bob@example.org>" controls the
> > Certificate 0xBBBB, is she also certifying Bob's linked identities?
>
> No, why would she? And why is this any different from Alice signing
> Bob's User ID containing any other notation? Consider the alternative:
> if Bob adds a notation to his User ID saying "Alice loves me" should Alice's
> signature over that User ID be treated as her commitment? Clearly not.

Clearly(tm).  :D.

> As for the OpenKeychain example please note that the stable version
> removed support for their linked identities [0].
>
> [0]: https://github.com/open-keychain/open-keychain/pull/2408

Thanks for pointing this out.

> It could be argued that it's the tooling that was missing but given that
> both WKD and verifying keyservers strip User Attributes left and right
> adding support for your design would require massive implementation
> effort on all sides for a questionable benefit.

This is a bit unfair.  WKD and verifying keyservers also strip User
IDs left and right, and for good reasons: they only return what they
can authenticate.

FWIW, I think a WKD ought to be allowed to return more, and the WoT
should be used for authenticating bindings, but that is a different
discussion.

As for Hagrid, it could be modified to return UAs that can be
authenticated similar to how it authenticates email addresses (e.g.,
checking proofs or, say, sending a DM on twitter and requiring a
reply).

Sure, modifying software is work.  But I disagree with your claim that
it is a "massive implementation effort".  And, I think the work would
move the ecosystem forward in a positive way.

:) Neal
