Re: [openpgp] ways forward wrt IETF wg - please try answer by Apr 8th

ianG <iang@iang.org> Thu, 02 April 2015 17:55 UTC

On 1/04/2015 19:57 pm, Stephen Farrell wrote:
> It would also really help me (and I suspect others) evaluate
> messages if you could say something about how you fit into
> the openpgp universe ...


In the period 1995-2002 approx I managed a team called Cryptix which 
produced Java & Perl implementations of PGP 2 and then OpenPGP.  This 
was originally written to support a payments system that based its 
crypto/security packets on PGP.  (Sometime around 2012 I replaced the 
Cryptix & OpenPGP with a custom cut-down internal design I call SKF for 
SOX Key Format.)



> option 4: move beyond openpgp (or smime) to develop a new
> flavour of end-to-end security for interpersonal messaging,
> possibly not that tightly coupled to email, but at least
> supporting an email flavour
...
> option 4t: option 4 + add some trust model/key management


Option 4t is what I would favour.

The reason being that I have since replaced all the direct OpenPGP code 
with my own design, because it's more efficient (lean, easier to hack), 
and it meets the needs of the late 2000s identity concept I work to.  I 
wouldn't go backwards but I could possibly go forward to a newer 
design/architecture that incorporated much of the new knowledge.

And, say options 3t or option 4 is also possible to a lesser extent.




iang