IETF Logo Mail Archive

Re: [openpgp] OpenPGP private certification

Werner Koch <wk@gnupg.org> Wed, 08 April 2015 13:41 UTC

Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 164181A873D for <openpgp@ietfa.amsl.com>; Wed, 8 Apr 2015 06:41:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oUbCaOAcA45e for <openpgp@ietfa.amsl.com>; Wed, 8 Apr 2015 06:41:34 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A26EC1A8718 for <openpgp@ietf.org>; Wed, 8 Apr 2015 06:41:34 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.80 #2 (Debian)) id 1YfqEX-0006xQ-1Y for <openpgp@ietf.org>; Wed, 08 Apr 2015 15:41:33 +0200
Received: from wk by vigenere.g10code.de with local (Exim 4.84 #3 (Debian)) id 1Yfq8L-00072F-MC; Wed, 08 Apr 2015 15:35:09 +0200
From: Werner Koch <wk@gnupg.org>
To: Phillip Hallam-Baker <phill@hallambaker.com>
References: <CAA7UWsUz65C0GAQo8Yf7ZOeT9BYy+NLV5pbbPg+Ok0-72ca1eA@mail.gmail.com> <1426721882.4249.72.camel@scientia.net> <5510578A.80304@iang.org> <1427140788.10191.75.camel@scientia.net> <5510B7CF.8060308@iang.org> <1427168189.10191.241.camel@scientia.net> <5511FE82.6010807@iang.org> <1427243451.10191.375.camel@scientia.net> <5512F137.80702@iang.org> <CAHBU6isgirHnx+gHP+OiHuvhzD+1OTCShCHEkhWcqEmUn9qnzQ@mail.gmail.com> <CAMm+LwiXKf1DvgbHaZoJnKdCVbak-jderv6Z8KDs9xPEbUuYQQ@mail.gmail.com> <1427343948.23692.14.camel@scientia.net> <CAMm+Lwi5bVTujuazTXw7oRty7n5RtsObEfNrJzmbtPiOb-X25g@mail.gmail.com> <m27fu3fsom.fsf@usma1mc-0csx92.kendall.corp.akamai.com> <CAMm+LwjBuZfP4NwRCy23_d9eRtcfUiLKdyZOu+jYT72HfB0g9g@mail.gmail.com> <87vbhlt8tg.fsf@alice.fifthhorseman.net> <CAMm+Lwjo5eyCHNahqWcwUBoaevCw2s3WAeq-2=maW=JEpCFWxA@mail.gmail.com> <sjmvbheioxv.fsf@securerf.ihtfp.org> <CAMm+Lwi4zsnQoX0R0CRbmDceLKi8B3ipHnBvSqNgo8FA8UYh3w@mail.gmail.com> <87mw2i28nr.fsf@vigenere.g10code.de> <CAMm+Lwief440=CdrQrjma1qrFHJYKTZAM5gZ1N9mMVikFvDzSw@mail.gmail.com>
Organisation: g10 Code GmbH
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: id=F2AD85AC1E42B367; url=finger:wk@g10code.com
Date: Wed, 08 Apr 2015 15:35:09 +0200
In-Reply-To: <CAMm+Lwief440=CdrQrjma1qrFHJYKTZAM5gZ1N9mMVikFvDzSw@mail.gmail.com> (Phillip Hallam-Baker's message of "Wed, 8 Apr 2015 09:05:44 -0400")
Message-ID: <87vbh6zqsy.fsf@vigenere.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/00Nqx0iKXUZ1lfX1SVHcPwePodI>
Cc: Christoph Anton Mitterer <calestyo@scientia.net>, Brian Sniffen <bsniffen@akamai.com>, Derek Atkins <derek@ihtfp.com>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] OpenPGP private certification
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Apr 2015 13:41:38 -0000

On Wed,  8 Apr 2015 15:05, phill@hallambaker.com said:

> My point here is that if we want to get a billion people using
> encrypted mail then it has to offer iPhone class usability, not OK for
> 1990s usability.

If that is the goal you only need to care about 140 character messages
or other useless status messages ;-).

Actually I prefer 1990s use of mail instead of todays 50% of mails are
going through Compuserve^WGmail.  But yeah, I am on a lost position with
that.

> There are plenty of ways that the scheme could be fixed. Since key
> server enrollment can be made automatic, it would be pretty easy to
> renew the enrollment once every n months and discard keys that have

It is about mail.  Mail addresses are defined by the DNS.  Bind the keys
to the DNS and your are done.  This needs support from the mail
providers, though.

I doubt that we will be able to deploy a large, encrypted, anonymous,
and decentralized mail network unless we can build upon a transport
layer to solve the basic problems of todays Internet.  For now we need
the help of some central services to get things going.

> Having the key servers continue to regurgitate false or stale data
> forever because there is no way to stop them does not seem like an
> acceptable plan to me.

Think of signature verification.  It should work even after a mail/key
association has been disolved for example after a provider change.  I
agree that this is onluy a problem for a smaller group but this is
something a keyserver network can be useful even after the migration of
the public key store from keyserver to more controlled service (DNS,
Web, whatever).  Deleting keys from the keyservers is thus not going to
work.


Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

v2.23.0 | Report a Bug | By Email