I-D Action: draft-dkg-openpgp-abuse-resistant-keystore-06.txt

internet-drafts@ietf.org Fri, 18 August 2023 22:34 UTC

A New Internet-Draft is available from the on-line Internet-Drafts
directories.

   Title           : Abuse-Resistant OpenPGP Keystores
   Author          : Daniel Kahn Gillmor
   Filename        : draft-dkg-openpgp-abuse-resistant-keystore-06.txt
   Pages           : 56
   Date            : 2023-08-18

Abstract:
   OpenPGP transferable public keys are composite certificates, made up
   of primary keys, revocation signatures, direct key signatures, user
   IDs, identity certifications ("signature packets"), subkeys, and so
   on.  They are often assembled by merging multiple certificates that
   all share the same primary key, and are distributed in public
   keystores.

   Unfortunately, since many keystores permit any third-party to add a
   certification with any content to any OpenPGP certificate, the
   assembled/merged form of a certificate can become unwieldy or
   undistributable.  Furthermore, keystores that are searched by user ID
   or fingerprint can be made unusable for specific searches by public
   submission of bogus certificates.  And finally, keystores open to
   public submission can also face simple resource exhaustion from
   flooding with bogus submissions, or legal or other risks from uploads
   of toxic data.

   This draft documents techniques that an archive of OpenPGP
   certificates can use to mitigate the impact of these various attacks,
   and the implications of these concerns and mitigations for the rest
   of the OpenPGP ecosystem.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-dkg-openpgp-abuse-resistant-keystore/

There is also an htmlized version available at:
https://datatracker.ietf.org/doc/html/draft-dkg-openpgp-abuse-resistant-keystore-06

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-dkg-openpgp-abuse-resistant-keystore-06

Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts