Re: pgp signing in van

Melinda Shore <melinda.shore@gmail.com> Sat, 07 September 2013 03:50 UTC

Message-ID: <522AA284.4060106@gmail.com>
Date: Fri, 06 Sep 2013 19:50:28 -0800
From: Melinda Shore <melinda.shore@gmail.com>
To: ietf@ietf.org
Subject: Re: pgp signing in van
References: <m2zjrq22wp.wl%randy@psg.com> <D2B391D8-B7D9-4A17-BF34-1DAEA2144339@nominum.com> <522A99BA.7000103@gmail.com> <2917243.BH7XVtJ1Kp@scott-latitude-e6320>
In-Reply-To: <2917243.BH7XVtJ1Kp@scott-latitude-e6320>

On 9/6/13 7:45 PM, Scott Kitterman wrote:
> They have different problems, but are inherently less reliable than web of 
> trust GPG signing.  It doesn't scale well, but when done in a defined context 
> for defined purposes it works quite well.  With external CAs you never know 
> what you get.

Vast numbers of bits can be and have been spent on the problems
with PKI and on vulnerabilities around CAs (and the trust model).
I am not arguing that PKI is awesome.  What I *am* arguing is that
the semantics of the trust assertions are pretty well-understood
and agreed-upon, which is not the case with pgp.  When someone
signs someone else's pgp key you really don't know why, what the
relationship is, what they thought they were attesting to, etc.

Melinda