ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey

2015-09-22 09:44:55
from [Joe Abley] [Permanent Link] 
Hi Paul,

On 21 Sep 2015, at 15:14, Paul Wouters wrote:


On Mon, 21 Sep 2015, John Levine wrote:


OPENPGP is a data format, WoT is one way to employ that format to
exchange messages.   It is not a *required* way to use OPENPGP.


Sure, but it's the way that everyone has used PGP for 20 years,
and it's the security model that everyone I know expects when they
use PGP keys.


Actually, nmost people I know never use the WoT. They only use keys
obtained directly from the person they want to exchange encrypted email 
with.
I think most people who use any trust model use the WoT, because that's what the common implementations make easy.
I think most people don't use any useful trust model, though. I see a lot of "send me your public key in plain text so I can talk privately about this thing", but no appreciation for the threat models in such a key exchange. 


Joe
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey, John C Klensin
Next by Date:  Re: Last Call: <draft-ietf-lwig-ikev2-minimal-02.txt> (Minimal IKEv2) to Informational RFC (fwd), Paul Wouters
Previous by Thread:  Re: [dane] PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey, Harald Alvestrand
Next by Thread:  Re: PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey, Harald Alvestrand
Indexes:  [Date] [Thread] [Top] [All Lists]