Re: [openpgp] Scoped trust (signatures)

Christian Huitema <huitema@huitema.net> Fri, 01 June 2018 14:30 UTC

Cc: "Neal H. Walfield" <neal@walfield.org>, openpgp@ietf.org, Leo Gaspard <ietf=40leo.gaspard.ninja@dmarc.ietf.org>
To: Jon Callas <joncallas@icloud.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/A4cskJhytF7K-MEsGJJktZJY9bQ>
Subject: Re: [openpgp] Scoped trust (signatures)

> On Jun 1, 2018, at 12:25 AM, Jon Callas <joncallas@icloud.com> wrote:
> 
> ...
> 
> Does “example.com” match “mail.example.com”? Either yes or no is completely reasonable. Does “*.example.com” (which obviously matches “mail.example.com”) match “example.com”? In this case, I think that the answer is yes, but gentle persons can disagree. I’d just roll my eyes if you said no, because yeah, sure, there’s no problem in having your list of domains have both “example.com” and “*.example.com” to be explicit about it. I see the point.


Matching domains is indeed hard, but people are working on it. You may want to check the list of public prefixes maintained by Mozilla et al. as an open source project:

https://github.com/publicsuffix/list

-- Christian Huitema
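
Added example, not part of the original message or of any OpenPGP draft: a scope matcher that turns the two open questions in the quoted text into explicit policy flags and uses Public Suffix List rules to reject a scope that names a whole public suffix. PSL_RULES is a constructed excerpt of the list, and the function and flag names are hypothetical; names are assumed to be in ASCII form already, and a wildcard is assumed to cover subdomains at any depth.

```python
# Constructed excerpt of Public Suffix List rules; the real list lives at
# https://github.com/publicsuffix/list and is far longer.
PSL_RULES = {"com", "uk", "co.uk", "*.ck", "!www.ck"}

def normalize(name):
    """Lower-case, drop a trailing dot, split into labels."""
    return name.strip().rstrip(".").lower().split(".")

def public_suffix_len(labels):
    """Number of trailing labels that form the public suffix."""
    best = 1  # implicit default rule "*": the last label is a suffix
    for i in range(len(labels)):
        cand = labels[i:]
        if "!" + ".".join(cand) in PSL_RULES:
            return len(cand) - 1  # exception rule prevails, minus one label
        wild = ".".join(["*"] + cand[1:])
        if ".".join(cand) in PSL_RULES or wild in PSL_RULES:
            best = max(best, len(cand))  # longest matching rule prevails
    return best

def is_public_suffix(domain):
    labels = normalize(domain)
    return public_suffix_len(labels) >= len(labels)

def scope_matches(scope, domain, bare_covers_subdomains=False,
                  wildcard_covers_apex=False):
    """Decide whether `domain` falls inside `scope`.

    The two flags (hypothetical names) are the two choices the quoted
    text leaves open; both default to the strict reading.
    """
    wildcard = scope.startswith("*.")
    base = normalize(scope[2:] if wildcard else scope)
    if is_public_suffix(".".join(base)):
        # A scope such as "*.co.uk" would cover unrelated registrants.
        raise ValueError("scope names a public suffix: " + scope)
    name = normalize(domain)
    if name == base:
        return (not wildcard) or wildcard_covers_apex
    # Compare whole labels so "badexample.com" is not under "example.com".
    is_sub = len(name) > len(base) and name[-len(base):] == base
    return is_sub and (wildcard or bare_covers_subdomains)
```
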