[openpgp] Trust models...

Phillip Hallam-Baker <phill@hallambaker.com> Wed, 01 April 2015 23:27 UTC

Date: Wed, 01 Apr 2015 19:27:32 -0400
Message-ID: <CAMm+Lwiu0wFUdP1oXmcrNaLb7gPQtOUAf0_n9AV4nVgzrGkqaw@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/4VRCYX5qwFIOSVN0G4GLEpT7UVo>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: [openpgp] Trust models...

On Wed, Apr 1, 2015 at 4:27 PM, Daniel Kahn Gillmor
<dkg@fifthhorseman.net> wrote:
> On Wed 2015-04-01 14:57:49 -0400, Stephen Farrell wrote:

> I think i favor this approach, ideally *without* adding trust model work
> into the mix.
>
> Trying to explicitly declare a standardized trust model would be a
> mistake for the WG.  it's a huge rat hole, and a "one trust model fits
> all" approach is probably illegitimate at some deeper level, since
> different people have different adversaries.

My conclusion exactly. I wrote this up in a draft.

For some problems you want TOFU, for some you want a Web of Trust, and
for others you want hierarchies. A Web of Trust would not work well for
the DoD, etc. etc.


> If there's any work to be done with trust models, it would be to write a
> document that tries to describe one or more of the more common
> approaches to trust models (e.g. the GnuPG default arrangement, or
> whatever sort of TOFU mechanism that PHB thinks is what everyone
> "actually uses").

http://tools.ietf.org/html/draft-hallambaker-prismproof-trust-01

My point is that we have two separable issues.

1) What key and security policy should Alice use to contact Bob?
2) How does Alice decide she can trust the answer to 1?

OpenPGP, PKIX, SPKI, etc, etc, disagree on answers to 2. Trans makes a
difference, etc. etc. That is the research problem.

We can't and shouldn't standardize the way that we arrive at the
answer but we can agree on the delivery method.


> a) update the fingerprint format (avoid inclusion of creation date, use
>    stronger digest algorithm; i'm dubious about embedding algorithm
>    agility in the fingerprint itself, but explicit version info in the
>    fingerprint might be reasonable so we don't have to keep guessing by
>    fpr structure for future versions)

I certainly don't see a need for 'agility'. But I think we need a
version number so we can change the algorithm infrequently.

If we can define the fingerprint format in a manner that is friendly
to PKIX and OpenPGP then it will make convergence a lot easier.
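The fingerprint points raised above (creation date baked into the fingerprint, a stronger digest, an explicit version byte instead of guessing the format from its shape) can be made concrete. The following is an added example, not code from this message, the draft, or any OpenPGP implementation. The v4 part follows RFC 4880 (SHA-1 over 0x99, a two-byte length, and the public-key packet body, which contains the creation time); the "versioned" fingerprint is a hypothetical layout invented here to illustrate the idea and is not any standard's format. The RSA modulus and exponent are constructed toy values, not a real key.

```python
import hashlib
import struct

# Constructed sample key material (NOT a real key): a tiny modulus so the
# example runs offline. Real RSA keys are 2048 bits or more.
SAMPLE_N = int("C0FFEE0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF", 16)
SAMPLE_E = 65537
RSA_ALGO_ID = 1  # RFC 4880 public-key algorithm id for RSA


def mpi(x):
    """Encode an integer as an OpenPGP MPI: 2-byte bit length, big-endian bytes."""
    nbits = x.bit_length()
    return struct.pack(">H", nbits) + x.to_bytes((nbits + 7) // 8, "big")


def v4_pubkey_body(creation_time, n, e, algo=RSA_ALGO_ID):
    """RFC 4880 version 4 public-key packet body: version, 4-byte creation
    time, algorithm id, then the algorithm-specific MPIs (RSA: n, e)."""
    return bytes([4]) + struct.pack(">I", creation_time) + bytes([algo]) + mpi(n) + mpi(e)


def v4_fingerprint(body):
    """RFC 4880 section 12.2: SHA-1 over 0x99, 2-byte body length, body.
    Because the body carries the creation time, the date is part of the hash."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()


def versioned_fingerprint(n, e, algo=RSA_ALGO_ID, version=1):
    """HYPOTHETICAL layout (assumption, not a standard): one leading version
    byte selecting the construction, then SHA-256 over the algorithm id and
    key MPIs only, so the creation date does not influence the value."""
    material = bytes([algo]) + mpi(n) + mpi(e)
    return bytes([version]) + hashlib.sha256(material).digest()


def describe_fingerprint(fp):
    """Classify a fingerprint. A 20-byte value must be *guessed* to be v4/SHA-1
    from its length alone; the hypothetical format is identified by its
    explicit version byte, which is the point of carrying one."""
    if len(fp) == 20:
        return ("v4", "sha1", "guessed from length")
    if len(fp) == 33 and fp[0] == 1:
        return ("hypothetical-1", "sha256", "explicit version byte")
    return ("unknown", None, "unrecognised")


def compare_same_key_two_dates(n=SAMPLE_N, e=SAMPLE_E):
    """Same key material, two creation times. Returns
    (v4 fingerprints equal?, versioned fingerprints equal?)."""
    fp_v4_a = v4_fingerprint(v4_pubkey_body(1427930852, n, e))  # 2015-04-01
    fp_v4_b = v4_fingerprint(v4_pubkey_body(1427930853, n, e))  # one second later
    fp_new_a = versioned_fingerprint(n, e)
    fp_new_b = versioned_fingerprint(n, e)
    return (fp_v4_a == fp_v4_b, fp_new_a == fp_new_b)


if __name__ == "__main__":
    v4_same, new_same = compare_same_key_two_dates()
    print("v4 fingerprints identical for same key, different date:", v4_same)
    print("versioned fingerprints identical:", new_same)
    print(describe_fingerprint(v4_fingerprint(v4_pubkey_body(0, SAMPLE_N, SAMPLE_E))))
    print(describe_fingerprint(versioned_fingerprint(SAMPLE_N, SAMPLE_E)))
```

The first comparison shows why the creation date matters: re-importing the same key with a different timestamp changes the v4 fingerprint, so anything keyed on it (trust signatures, keyserver lookups) no longer matches. The version byte in the second layout lets a parser dispatch on the format directly instead of inferring it from length, which is what the "explicit version info" remark above is getting at.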