On Oct 1, 2020, at 3:41 AM, Neal H. Walfield <neal(_at_)walfield(_dot_)org>
wrote:
> Hi Jon,
>
> Thanks for your comments.
>
> I'm a bit confused, however, how PGPtickets are analogous to social
> proofs. A social proof is an identity ("my handle on this service is
> X"). PGPtickets are authorizations. When I create a social proof,
> I'm not normally delegating any authority; I'm advertising an
> identity. And, an authorization in the o-cap world is normally free
> of identity information (authorization-based, not identity-based,
> access control is the mantra).

One point is that they don't have to be embedded in the OpenPGP key. They're
separate statements with their own syntax. Just because OpenPGP is a nice
hammer doesn't mean that everything's got to be a nail. It's okay to have other
hardware.

While I agree with you that these social proofs correspond reasonably well to
an identifier, especially more than making them be a notation, there's no
reason to jam them into even that. Wiktor has his own uses, and the fact that
he's suggested an approach different to what you and I thought says to me that
perhaps we don't quite get his use case.

Thus, why not just go take something and do it? Other people have done it
before. When Vinnie and Tony were doing the tickets, they could have done it so
that it was a notation as well. In their case, the sysadmin could have signed
the actor's key with a notation, even, and had it work that way. It also makes
sense to make it be a wholly separate object, purpose built to its need.
Moreover, it doesn't require the likes of us to agree to it.

That's why I suggested it. Among the implementation options is for Wiktor to go
off to the side and do his social proofs with another syntax. Moreover, the
consumer of the proofs only has to verify the signature around the proof and
then parse the proof on its own, without having to go to the trouble of parsing
a whole OpenPGP key.

Jon
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp