ietf-openpgp

Re: [openpgp] Registration of the 'proof' notation

2020-10-03 17:36:39


On Oct 1, 2020, at 3:41 AM, Neal H. Walfield <neal(_at_)walfield(_dot_)org> wrote:

> Hi Jon,
>
> Thanks for your comments.
>
> I'm a bit confused, however, how PGPtickets are analogous to social
> proofs.  A social proof is an identity ("my handle on this service is
> X").  PGPtickets are authorizations.  When I create a social proof,
> I'm not normally delegating any authority; I'm advertising an
> identity.  And, an authorization in the o-cap world is normally free
> of identity information (authorization-based, not identity-based,
> access control is the mantra).

One point is that they don't have to be embedded in the OpenPGP key. They're 
separate statements with their own syntax. Just because OpenPGP is a nice 
hammer doesn't mean that everything's got to be a nail. It's okay to have other 
hardware.

While I agree with you that these social proofs correspond reasonably well to 
an identifier, especially more than making them be a notation, there's no 
reason to jam them into even that. Wiktor has his own uses, and the fact that 
he's suggested an approach different to what you and I thought says to me that 
perhaps we don't quite get his use case.

Thus, why not just go take something and do it? Other people have done it 
before. When Vinnie and Tony were doing the tickets, they could have done it so 
that it was a notation as well. In their case, the sysadmin could have signed 
the actor's key with a notation, even, and had it work that way. It also makes 
sense to make it be a wholly separate object, purpose built to its need. 
Moreover, it doesn't require the likes of us to agree to it.

That's why I suggested it. Among the implementation options is for Wiktor to go 
off to the side and do his social proofs with another syntax. Moreover, the 
consumer of the proofs only has to verify the signature around the proof and 
then parse the proof on its own, without having to go to the trouble of parsing 
a whole OpenPGP key.

        Jon


