Re: PGP security models, was Summary of IETF LC for draft-ietf-dane-open

Nonsense.  No security model is perfect.  Claiming social media connections and 
gpg signatures are the same thing is a logical fallacy.

Personally, I've known people for year on line, but would never sign someone's 
key without meeting them in person.

Complete apples and oranges comparison.

Myself, I always have gotten keys from a keyserver, never directly from the 
party using the key.

Scott K

On September 21, 2015 7:24:10 PM EDT, manning <bmanning(_at_)karoshi(_dot_)com> 
wrote:
> I think Paul nails it, at least for the more aware folks around.  Using
> the WoT to gauge anything other than confidence in choice of
> friends/associates is asking for trouble.
> See Also:  Robin Sage :  en.wikipedia.org/wiki/Robin_Sage
>
> manning
> bmanning(_at_)karoshi(_dot_)com
> PO Box 6151
> Playa del Rey, CA 90296
> 310.322.8102
>
>
>
>
>
>
> On 21September2015Monday, at 12:14, Paul Wouters <paul(_at_)nohats(_dot_)ca>
> wrote:
>
> > On Mon, 21 Sep 2015, John Levine wrote:
> >
> > > > OPENPGP is a data format, WoT is one way to employ that format to
> > > > exchange messages.   It is not a *required* way to use OPENPGP.
> > > Sure, but it's the way that everyone has used PGP for 20 years,
> > > and it's the security model that everyone I know expects when they
> > > use PGP keys.
> > Actually, nmost people I know never use the WoT. They only use keys
> > obtained directly from the person they want to exchange encrypted
> email
> > with.
> >
> > > This draft uses a model in which the key is bound to a mailbox
> > openpgp keys are bound to ID's, which can ultimately end up in a
> > mailbox but is not required to do so.
> >
> > For instance, the gpg key used to sign fedora21 packages with an
> openpgp
> > key ID containing "fedora21(_at_)fedoraproject(_dot_)org" might not have any
> mailbox
> > associated with it. It is merely shared in the DNS under an email
> address,
> > without a mailbox or valid local-part.
> >
> > > any stronger identity, and you have to trust that the domain's
> > > management fairly represents its users
> > Correct, the domain's management that controls either DNS or SMTP
> servers,
> > can steal a users email.
> >
> > > That's not a ridiculous model, but if
> > > that's the model, the draft and draft-ietf-dane-openpgpkey-usage
> need
> > > to say so.  At this point, neither does.
> > > From the Introduction:
> >   This document specifies a method for publishing and
> >   locating OpenPGP public keys in DNS for a specific email address
> >   using a new OPENPGPKEY DNS Resource Record.  Security is provided
> via
> >   DNSSEC.
> >
> > So your point is made already pretty clear in the introduction
> > already. Security comes from DNSSEC, so whoever controls the domain,
> > controls the publishing of openpgp keys.
> >
> > Section 5.2 also contains some advise. Section 7.4 also mentions
> this,
> > but not under a section title that makes that very clear.
> >
> > Some clarifications will be made, especially in the security
> > considerations section, to clarify this, based on the IETF LC
> comments.
> > Thank you,
> >
> > Paul