Re: [openpgp] OpenPGP private certification
Phillip Hallam-Baker <phill@hallambaker.com> Wed, 08 April 2015 13:06 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 776221A6EF1 for <openpgp@ietfa.amsl.com>; Wed, 8 Apr 2015 06:06:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level:
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6p4A7uXuUfrS for <openpgp@ietfa.amsl.com>; Wed, 8 Apr 2015 06:06:02 -0700 (PDT)
Received: from mail-la0-x234.google.com (mail-la0-x234.google.com [IPv6:2a00:1450:4010:c03::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8D3831A1EF6 for <openpgp@ietf.org>; Wed, 8 Apr 2015 06:05:46 -0700 (PDT)
Received: by lagv1 with SMTP id v1so65409252lag.3 for <openpgp@ietf.org>; Wed, 08 Apr 2015 06:05:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=k13lB5F0L4q03oLk1R8QW86JyfpcaUBOKxLnRlG+CVU=; b=AGsTHR3RB37UtJtMcha4AtHgVMaTDv6TRWvMMBDyPS5qY9zehrwiDZ72j+wfPekl6k HuFmRE6QYTaps2LMtJGyHc4LX+RxCGwmrQ4a659Zm31oXAigwQfgsP1YLkogEuc9ELyK J15Q7nRnHVH2dhIgk0jnv9khkWYnx9KLIyIcDrs37nPQQ3QdUzPWi+RNr0gTtdaOrAi7 Vs5ZXzjUsXJTpFkr8D9prw1Q837JDI1mnqy621FvV9xovsz4dDQLZ/199l9aK79pi7hI ZAKAaOXL0sqwiQ8BEIM8as6PK0sWvGGNhWpR7cXegTPaSLTYdPAMnDekplxx+R/zZkqe uyeg==
MIME-Version: 1.0
X-Received: by 10.152.6.1 with SMTP id w1mr16127962law.91.1428498345083; Wed, 08 Apr 2015 06:05:45 -0700 (PDT)
Sender: hallam@gmail.com
Received: by 10.112.147.165 with HTTP; Wed, 8 Apr 2015 06:05:44 -0700 (PDT)
In-Reply-To: <87mw2i28nr.fsf@vigenere.g10code.de>
References: <CAA7UWsUz65C0GAQo8Yf7ZOeT9BYy+NLV5pbbPg+Ok0-72ca1eA@mail.gmail.com> <1426721882.4249.72.camel@scientia.net> <5510578A.80304@iang.org> <1427140788.10191.75.camel@scientia.net> <5510B7CF.8060308@iang.org> <1427168189.10191.241.camel@scientia.net> <5511FE82.6010807@iang.org> <1427243451.10191.375.camel@scientia.net> <5512F137.80702@iang.org> <CAHBU6isgirHnx+gHP+OiHuvhzD+1OTCShCHEkhWcqEmUn9qnzQ@mail.gmail.com> <CAMm+LwiXKf1DvgbHaZoJnKdCVbak-jderv6Z8KDs9xPEbUuYQQ@mail.gmail.com> <1427343948.23692.14.camel@scientia.net> <CAMm+Lwi5bVTujuazTXw7oRty7n5RtsObEfNrJzmbtPiOb-X25g@mail.gmail.com> <m27fu3fsom.fsf@usma1mc-0csx92.kendall.corp.akamai.com> <CAMm+LwjBuZfP4NwRCy23_d9eRtcfUiLKdyZOu+jYT72HfB0g9g@mail.gmail.com> <87vbhlt8tg.fsf@alice.fifthhorseman.net> <CAMm+Lwjo5eyCHNahqWcwUBoaevCw2s3WAeq-2=maW=JEpCFWxA@mail.gmail.com> <sjmvbheioxv.fsf@securerf.ihtfp.org> <CAMm+Lwi4zsnQoX0R0CRbmDceLKi8B3ipHnBvSqNgo8FA8UYh3w@mail.gmail.com> <87mw2i28nr.fsf@vigenere.g10code.de>
Date: Wed, 08 Apr 2015 09:05:44 -0400
X-Google-Sender-Auth: Xjv1dxFIIG_JHNsnHrzV1skDyy8
Message-ID: <CAMm+Lwief440=CdrQrjma1qrFHJYKTZAM5gZ1N9mMVikFvDzSw@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Werner Koch <wk@gnupg.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/AsF9NInqyasRP1fj6CTtfmP19MI>
Cc: Christoph Anton Mitterer <calestyo@scientia.net>, Brian Sniffen <bsniffen@akamai.com>, Derek Atkins <derek@ihtfp.com>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>, IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] OpenPGP private certification
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Apr 2015 13:06:03 -0000
On Wed, Apr 8, 2015 at 6:53 AM, Werner Koch <wk@gnupg.org> wrote: > On Thu, 2 Apr 2015 18:09, phill@hallambaker.com said: > >> Since the key servers won't allow me to revoke the cert for the >> private key I have no control over, I think that it would be more > > They allow that but you need to have a key prepared for this: > > 5.2.3.15. Revocation Key > > (1 octet of class, 1 octet of public-key algorithm ID, 20 octets of > fingerprint) > > Authorizes the specified key to issue revocation signatures for this > key. Class octet must have bit 0x80 set. If the bit 0x40 is set, > then this means that the revocation information is sensitive. Other > bits are for future expansion to other kinds of authorizations. This > is found on a self-signature. > > ("gpg --edit-key, addrevoker" to set such a key and "gpg --desig-revoke" > to issue a revocation) If I could remember my passphrase then I would not need to revoke. My point here is that if we want to get a billion people using encrypted mail then it has to offer iPhone class usability, not OK for 1990s usability. There are plenty of ways that the scheme could be fixed. Since key server enrollment can be made automatic, it would be pretty easy to renew the enrollment once every n months and discard keys that have not been renewed for 5 years or for more than a year if there is a replacement key. Having the key servers continue to regurgitate false or stale data forever because there is no way to stop them does not seem like an acceptable plan to me.
- Re: [openpgp] New encryption formats for messaging Christoph Anton Mitterer
- Re: [openpgp] New encryption formats for messaging ianG
- Re: [openpgp] New encryption formats for messaging Christoph Anton Mitterer
- Re: [openpgp] New encryption formats for messaging ianG
- Re: [openpgp] New encryption formats for messaging Christoph Anton Mitterer
- [openpgp] Manifesto - who is the new OpenPGP for? ianG
- Re: [openpgp] Manifesto - who is the new OpenPGP … Christoph Anton Mitterer
- Re: [openpgp] Manifesto - who is the new OpenPGP … Phillip Hallam-Baker
- Re: [openpgp] Manifesto - who is the new OpenPGP … Falcon Darkstar Momot
- Re: [openpgp] Manifesto - who is the new OpenPGP … Werner Koch
- Re: [openpgp] Manifesto - who is the new OpenPGP … Stephen Paul Weber
- Re: [openpgp] Manifesto - who is the new OpenPGP … Stephen Paul Weber
- Re: [openpgp] Manifesto - who is the new OpenPGP … Wyllys Ingersoll
- Re: [openpgp] Manifesto - who is the new OpenPGP … Clint Adams
- Re: [openpgp] Manifesto - who is the new OpenPGP … Phillip Hallam-Baker
- Re: [openpgp] Manifesto - who is the new OpenPGP … ianG
- Re: [openpgp] Manifesto - who is the new OpenPGP … ianG
- Re: [openpgp] Manifesto - who is the new OpenPGP … Tim Bray
- Re: [openpgp] Manifesto - who is the new OpenPGP … Phillip Hallam-Baker
- Re: [openpgp] Manifesto - who is the new OpenPGP … Christoph Anton Mitterer
- Re: [openpgp] Manifesto - who is the new OpenPGP … John Kreznar
- Re: [openpgp] Manifesto - who is the new OpenPGP … Werner Koch
- Re: [openpgp] Manifesto - who is the new OpenPGP … Phillip Hallam-Baker
- Re: [openpgp] Manifesto - who is the new OpenPGP … Brian Sniffen
- Re: [openpgp] Manifesto - who is the new OpenPGP … Bill Frantz
- Re: [openpgp] Manifesto - who is the new OpenPGP … Phillip Hallam-Baker
- Re: [openpgp] Manifesto - who is the new OpenPGP … Christoph Anton Mitterer
- Re: [openpgp] Manifesto - who is the new OpenPGP … Christoph Anton Mitterer
- [openpgp] OpenPGP private certification [was: Re:… Daniel Kahn Gillmor
- Re: [openpgp] OpenPGP private certification [was:… Phillip Hallam-Baker
- Re: [openpgp] OpenPGP private certification [was:… Daniel Kahn Gillmor
- Re: [openpgp] OpenPGP private certification [was:… Phillip Hallam-Baker
- [openpgp] public logging of e-mail certificates [… Daniel Kahn Gillmor
- Re: [openpgp] public logging of e-mail certificat… Phillip Hallam-Baker
- Re: [openpgp] public logging of e-mail certificat… Daniel Kahn Gillmor
- Re: [openpgp] public logging of e-mail certificat… Phillip Hallam-Baker
- Re: [openpgp] OpenPGP private certification [was:… Derek Atkins
- Re: [openpgp] public logging of e-mail certificat… Brian Sniffen
- Re: [openpgp] OpenPGP private certification [was:… Phillip Hallam-Baker
- Re: [openpgp] public logging of e-mail certificat… Phillip Hallam-Baker
- Re: [openpgp] Manifesto - who is the new OpenPGP … ianG
- Re: [openpgp] OpenPGP private certification Werner Koch
- Re: [openpgp] OpenPGP private certification Phillip Hallam-Baker
- Re: [openpgp] OpenPGP private certification Christoph Anton Mitterer
- Re: [openpgp] OpenPGP private certification Phillip Hallam-Baker
- Re: [openpgp] OpenPGP private certification Christoph Anton Mitterer
- Re: [openpgp] OpenPGP private certification Werner Koch
- Re: [openpgp] OpenPGP private certification Derek Atkins
- Re: [openpgp] OpenPGP private certification Phillip Hallam-Baker
- Re: [openpgp] OpenPGP private certification Phillip Hallam-Baker
- Re: [openpgp] OpenPGP private certification Christoph Anton Mitterer
- Re: [openpgp] OpenPGP private certification Christoph Anton Mitterer
- Re: [openpgp] OpenPGP private certification Phillip Hallam-Baker
- Re: [openpgp] OpenPGP private certification Christoph Anton Mitterer
- Re: [openpgp] OpenPGP private certification Werner Koch
- Re: [openpgp] OpenPGP private certification ianG
- Re: [openpgp] OpenPGP private certification [was:… ianG
- Re: [openpgp] public logging of e-mail certificat… Phillip Hallam-Baker
- Re: [openpgp] public logging of e-mail certificat… ianG
- [openpgp] New encryption formats for messaging David Leon Gil
- Re: [openpgp] OpenPGP private certification Ben McGinnes