ietf

Re: PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey

2015-09-23 00:34:34


On 09/22/2015 04:44 PM, Joe Abley wrote:
Hi Paul,

On 21 Sep 2015, at 15:14, Paul Wouters wrote:

On Mon, 21 Sep 2015, John Levine wrote:

OPENPGP is a data format, WoT is one way to employ that format to
exchange messages.   It is not a *required* way to use OPENPGP.

Sure, but it's the way that everyone has used PGP for 20 years,
and it's the security model that everyone I know expects when they
use PGP keys.

Actually, most people I know never use the WoT. They only use keys
obtained directly from the person they want to exchange encrypted email
with.

I think most people who use any trust model use the WoT, because
that's what the common implementations make easy.

I think most people don't use any useful trust model, though. I see a
lot of "send me your public key in plain text so I can talk privately
about this thing", but no appreciation for the threat models in such a
key exchange.

This is actually a very rational model. It reduces the attack surface to
one leap of faith - which has been very successful for SSH.

I keep a keystore on all my mailers, but haven't bothered to build any
trust networks recently. This will allow me to detect certain kinds of
attacks (damaged messages, multiple keys claiming to be for the same
person) without causing me to spend time managing my keystore.

For me, that's a reasonable tradeoff.
