Re: [dane] PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey

[Viktor Dukhovni <ietf-dane@dukhovni.org>]

On Wed, Sep 23, 2015 at 09:44:57AM +0600, Randy Bush wrote:

> Paul Wouters wrote:
> 
> > Actually, nmost people I know never use the WoT. They only use keys
> > obtained directly from the person they want to exchange encrypted email
> > with.
> 
> this is not my experience
> 
> it will be a long time before i trust a dane/dnssec identity binding
> over pgp's.
> 
> At Mon, 21 Sep 2015 16:24:10 -0700, Bill Manning wrote:
> 
> > I think Paul nails it, at least for the more aware folks around.
> > Using the WoT to gauge anything other than confidence in choice of
> > friends/associates is asking for trouble.
> 
> i think bill nails it.  trust in identity is what it is about for me.
> i am communicating with a person, not a dns or smtp server; the latter
> are agents, and ones which have failed repeatedly over the decades.

We'll likely never meet in person.  You have a sensitive message
to send me about Postfix or OpenSSL or something like that.  Now
what?

Or more likely you have nothing sensitive to send me at all, but
prefer not to have your communications routinely intercepted or
stored in the clear.  Now what?

The draft strives to make PGP scale, with an inevitable trade-off
in identity assurance.  The security needs of covert-agents are
not the same as the security needs of most ordinary citizens.

Folks who want "covert agent security" need to know what tools and
systems they can't avoid trusting (a trusted party is one that can
betray you), and then, if they are careful, avoid trusting
everything/everyone else.

The rest of us need to make reasonable compromises, that protect
most of us most of the time, ideally keeping Orwellian nightmares
in check.

-- 
	Viktor.