Re: [openpgp] OpenPGP private certification

Phillip Hallam-Baker <phill@hallambaker.com> Wed, 08 April 2015 13:06 UTC

In-Reply-To: <87mw2i28nr.fsf@vigenere.g10code.de>
Date: Wed, 08 Apr 2015 09:05:44 -0400
Message-ID: <CAMm+Lwief440=CdrQrjma1qrFHJYKTZAM5gZ1N9mMVikFvDzSw@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Werner Koch <wk@gnupg.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/AsF9NInqyasRP1fj6CTtfmP19MI>
Cc: Christoph Anton Mitterer <calestyo@scientia.net>, Brian Sniffen <bsniffen@akamai.com>, Derek Atkins <derek@ihtfp.com>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] OpenPGP private certification

On Wed, Apr 8, 2015 at 6:53 AM, Werner Koch <wk@gnupg.org> wrote:
> On Thu,  2 Apr 2015 18:09, phill@hallambaker.com said:
>
>> Since the key servers won't allow me to revoke the cert for the
>> private key I have no control over, I think that it would be more
>
> They allow that but you need to have a key prepared for this:
>
>  5.2.3.15.  Revocation Key
>
>    (1 octet of class, 1 octet of public-key algorithm ID, 20 octets of
>    fingerprint)
>
>    Authorizes the specified key to issue revocation signatures for this
>    key.  Class octet must have bit 0x80 set.  If the bit 0x40 is set,
>    then this means that the revocation information is sensitive.  Other
>    bits are for future expansion to other kinds of authorizations.  This
>    is found on a self-signature.
>
> ("gpg --edit-key, addrevoker" to set such a key and "gpg --desig-revoke"
>  to issue a revocation)

If I could remember my passphrase then I would not need to revoke.

My point here is that if we want to get a billion people using
encrypted mail then it has to offer iPhone class usability, not OK for
1990s usability.


There are plenty of ways that the scheme could be fixed. Since key
server enrollment can be made automatic, it would be pretty easy to
renew the enrollment once every n months and discard keys that have
not been renewed for 5 years or for more than a year if there is a
replacement key.

Having the key servers continue to regurgitate false or stale data
forever because there is no way to stop them does not seem like an
acceptable plan to me.
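As an added example (not code from this thread, GnuPG, or the key servers), here is a parser and authorization check for the Revocation Key subpacket layout Werner quotes from RFC 4880 section 5.2.3.15 above; the fingerprint and subpacket bytes are constructed placeholders and the helper names are assumptions of mine. The empty-list case is the situation Phillip describes: with no designated revoker on the self-signature, nobody holds an authorization to revoke.

```python
# Added example: parse and validate the OpenPGP Revocation Key signature
# subpacket (RFC 4880 section 5.2.3.15). The body is 1 octet class,
# 1 octet public-key algorithm ID, and a 20-octet v4 fingerprint.
# Class bit 0x80 must be set; 0x40 marks the revocation info as sensitive;
# the remaining bits are reserved for future authorization kinds.
from dataclasses import dataclass
from typing import Iterable

CLASS_REQUIRED = 0x80   # must be set on every Revocation Key subpacket
CLASS_SENSITIVE = 0x40  # "the revocation information is sensitive"
FINGERPRINT_LEN = 20    # v4 fingerprint length in octets


@dataclass(frozen=True)
class RevocationKey:
    sensitive: bool
    reserved_bits: int      # class bits below 0x40, reserved for expansion
    pk_algorithm: int       # public-key algorithm ID of the revoker key
    fingerprint: bytes

    @property
    def fingerprint_hex(self) -> str:
        return self.fingerprint.hex().upper()


def parse_revocation_key(body: bytes) -> RevocationKey:
    """Parse the 22-octet body of a Revocation Key subpacket; raise on malformed input."""
    if len(body) != 2 + FINGERPRINT_LEN:
        raise ValueError(f"expected 22 octets, got {len(body)}")
    cls, algo = body[0], body[1]
    if not cls & CLASS_REQUIRED:
        raise ValueError(f"class octet 0x{cls:02x} lacks the required 0x80 bit")
    return RevocationKey(
        sensitive=bool(cls & CLASS_SENSITIVE),
        reserved_bits=cls & 0x3F,
        pk_algorithm=algo,
        fingerprint=body[2:],
    )


def is_authorized_revoker(subpackets: Iterable[bytes], revoker_fpr: bytes) -> bool:
    """True if a valid Revocation Key subpacket on the self-signature names revoker_fpr.
    A key server or client would check this before accepting a designated revocation."""
    for sp in subpackets:
        try:
            rk = parse_revocation_key(sp)
        except ValueError:
            continue  # malformed subpacket never counts as an authorization
        if rk.fingerprint == revoker_fpr:
            return True
    return False


# Constructed sample (not a real key): class 0xC0 = required | sensitive,
# algorithm 1, and a placeholder 20-byte fingerprint.
SAMPLE_FPR = bytes(range(0x10, 0x10 + FINGERPRINT_LEN))
SAMPLE_SUBPACKET = bytes([0xC0, 0x01]) + SAMPLE_FPR
```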