Re: PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey

2015-09-22 09:44:55
Hi Paul,

On 21 Sep 2015, at 15:14, Paul Wouters wrote:

> On Mon, 21 Sep 2015, John Levine wrote:
>
>>> OPENPGP is a data format, WoT is one way to employ that format to
>>> exchange messages.   It is not a *required* way to use OPENPGP.
>>
>> Sure, but it's the way that everyone has used PGP for 20 years,
>> and it's the security model that everyone I know expects when they
>> use PGP keys.
>
> Actually, most people I know never use the WoT. They only use keys
> obtained directly from the person they want to exchange encrypted email

I think most people who use any trust model use the WoT, because that's what the common implementations make easy.

I think most people don't use any useful trust model, though. I see a lot of "send me your public key in plain text so I can talk privately about this thing", but no appreciation for the threat models in such a key exchange.