[Top] [All Lists]

Re: PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey

2015-09-22 09:12:46

--On Monday, September 21, 2015 15:14 -0400 Paul Wouters
<paul(_at_)nohats(_dot_)ca> wrote:

Sure, but it's the way that everyone has used PGP for 20
years, and it's the security model that everyone I know
expects when they use PGP keys.

Actually, nmost people I know never use the WoT. They only use
obtained directly from the person they want to exchange
encrypted email with.


I have no doubt that is true, but I think it has a lot to do
with Harald's comments about tools and George's comments about
models.  First, I know a lot of people who insist on keys who
are handed to them directly (or mailed with in-person or other
out of band transfer and verification of fingerprints).  I know
almost as many who almost exclusively pull things off
keyservers.  Especially with those tools that will not allow
using a key unless if bears one's personal signature (even if
non-exportable), all of those keys are incorporated into that
individual's WOT, even if the key is a self-signed one obtained
from a keyserver that no person who understood the issues and
was sane would rely upon.   Consequently, "never use the WOT"
either involves a different definition than I've used or I don't
understand what it means.    

Whether those "who to trust and why" decisions are wise or not
is another matter (and I think closer to George's concerns).

However, if you believe that, because of trust issues, people
get keys only from personal contacts rather than indirectly from
public databases, why are we discussing yet another public
database-based approach?   Or are you convinced that the problem
with the other public databases is that the DNS is inherently
better for some reason such as the inability of third parties
not associated with the domain in the address to add keys?  Or
that the DNS is somehow, inherently, the One True Database to
Rule Them All for the Internet?   (That is, of course, another
variation of my desire that the next version of the document be
much more clear about the problem(s) it is trying to solve.)


<Prev in Thread] Current Thread [Next in Thread>