Re: [openpgp] OpenPGPv5 wish list

Philippe Cerfon <> Mon, 29 April 2013 23:09 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 697CA21F9BCA for <>; Mon, 29 Apr 2013 16:09:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.652
X-Spam-Status: No, score=-1.652 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001, SARE_UNSUB22=0.948]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id t-XDbdYEqR+3 for <>; Mon, 29 Apr 2013 16:09:17 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4001:c02::22d]) by (Postfix) with ESMTP id 29E2521F9BC6 for <>; Mon, 29 Apr 2013 16:09:17 -0700 (PDT)
Received: by with SMTP id 21so2712711iay.4 for <>; Mon, 29 Apr 2013 16:08:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:content-type:content-transfer-encoding; bh=vwFVqS3C1LW8MWm6U2lI+NIQW+LR8vLWp8W9zHG/dHA=; b=KZrzUPYEq5EY0USw5cwKk0+svMwPITOtoNo6GXC440+ZeTVb98lYWXuMMVyZJhZb2i CDd5pmRWBn5eqhvkU1+E6B6qiy2ktxBaH38iZpLRiemNCUCnerxvlwH615azc3pCdUuE 2eqraFCU+aiNpJoU4hdTfsTyzQP5dGOHFXYXhfbDDmhG1UgxLgj/TWIR0582/LG0OMY1 NoDnCqn1i8eYXuAaOZJgBdeWo7mocsB94RadxoNNXq9g57EnKR/YFv+kMtqLdbh/CSQt tmV03wUjN+W/1B/gzWpaYalHQcGH9BvyGoXPE8WlR1vw3SNalMXCf0F5ZQbyfkhbKE7+ g02w==
MIME-Version: 1.0
X-Received: by with SMTP id s5mr13500203ice.2.1367276924743; Mon, 29 Apr 2013 16:08:44 -0700 (PDT)
Received: by with HTTP; Mon, 29 Apr 2013 16:08:44 -0700 (PDT)
In-Reply-To: <>
References: <> <>
Date: Tue, 30 Apr 2013 01:08:44 +0200
Message-ID: <>
From: Philippe Cerfon <>
To:, Hauke Laging <>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
Subject: Re: [openpgp] OpenPGPv5 wish list
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 29 Apr 2013 23:09:18 -0000

On Mon, Apr 29, 2013 at 8:40 PM, Werner Koch <>; wrote:
> Depends on what you call advanced.  OpenPGP is a low-level protocol and
> never really tried to address the application layer.
Well I think what has been proposed here now all belongs to the lowest
layer, it’s just cleaning up that one and making it more general.
Especially the proposals by Hauke seem to be just what the key
management system should be responsible for and which OpenPGP
currently cannot really fulful. Like that I have several subkeys where
one is explicitly marked as "not so safe" because I use it e.g. on my
Android phone... and where clients have a machine readable way to warn
me about data signed by such keys.

Also my proposals for having more (standardised) descriptive fileds
(name, address, IM, colour of eyes, employee) seems to be quite
crucial to me.
Right now people put such distinguising information often as comment
into their UID, but that kinda sucks (and it kinda violates the email
RFCs, which tell that any client interpreting mail addresses must
ignore the comments).

Or I'd like to be able to also include IM addresses in the keys, so
that such clients could use this information to select the right key,
which is expected on received messages.

> Why should a government do that?  eID cards started in Europe (iirc, the
> German electronic signature law was the first at all).  Europe has a
> history of waiting for X, aehmm the OSI network stack, and thus it is
> quite obvious that they started with X.400 et al.
Well I know,.. but now we give them even reason.

> Further, you can make
> more (consulting) money with weakly defined/complex protocols than with
> a clean solution.  The latter almost never wins (cf. IPSec lessons).

> Maybe not for your application, so go and use your own thing for it.
> There is nothing which will stop you.  What about putting a DN into it?
Well of course I can always do whatever I want... but isn't the whole
idea of a standard that everyone should follow it as far as possible?
Clearly I can put a semicolon separated list of address, jabber
account, date of birth, name and email address into the UID,... but
everyone will think I'm crazy.

> Because X.509 has all the useless bells and whistles which have been
> suggested in the past as the solution to every problem.  Well alright,
> OpenPGP provides very similar ways to implement such features but
> fortunately it has not yet been abused
Well but X.509 simply sucks for it's trust model ;-)

>   gpg -N '!'; ....
> makes foo a critical notation.
And there's a similar syntax for the other signature subpacktes? The
dates? The policy sig subpacket? Key usage? etc.?