IETF Logo Mail Archive

Re: [openpgp] Modelling an abuse-resistant OpenPGP keyserver

ilf <ilf@zeromail.org> Tue, 16 April 2019 19:56 UTC

Return-Path: <ilf@zeromail.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3137212049B for <openpgp@ietfa.amsl.com>; Tue, 16 Apr 2019 12:56:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IghqyN8XTGSS for <openpgp@ietfa.amsl.com>; Tue, 16 Apr 2019 12:56:24 -0700 (PDT)
Received: from smtpin.nadir.org (fry.nadir.org [217.114.68.218]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2789F120046 for <openpgp@ietf.org>; Tue, 16 Apr 2019 12:56:23 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by smtpin.nadir.org (Postfix) with ESMTP id B60EA7C95E2 for <openpgp@ietf.org>; Tue, 16 Apr 2019 21:56:19 +0200 (CEST)
Received: from smtpin.nadir.org ([127.0.0.1]) by localhost (fry.nadir.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FPtwWJyCGJo6 for <openpgp@ietf.org>; Tue, 16 Apr 2019 21:56:19 +0200 (CEST)
Received: from snail.zeromail.org (mail.zeromail.org [217.114.68.185]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtpin.nadir.org (Postfix) with ESMTPS id 7F9187C94BA for <openpgp@ietf.org>; Tue, 16 Apr 2019 21:56:19 +0200 (CEST)
Received: from [127.0.0.1] (localhost [127.0.0.1])ng TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by snail.zeromail.org (Postfix) with ESMTPSA id 22CE5BFC99 for <openpgp@ietf.org>; Tue, 16 Apr 2019 21:56:18 +0200 (CEST)
Date: Tue, 16 Apr 2019 21:56:14 +0200
From: ilf <ilf@zeromail.org>
To: openpgp@ietf.org
Message-ID: <20190416195614.GH1226@zeromail.org>
Mail-Followup-To: openpgp@ietf.org
References: <87v9zt2y2d.fsf@fifthhorseman.net> <20190412201300.GJ1226@zeromail.org> <87ef635hmt.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="BzSjWsyRXn5FzoOl"
Content-Disposition: inline
In-Reply-To: <87ef635hmt.fsf@fifthhorseman.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/EwxLwNMe2jskgZvBubDBZ8zjCUM>
Subject: Re: [openpgp] Modelling an abuse-resistant OpenPGP keyserver
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Apr 2019 19:56:27 -0000

Daniel Kahn Gillmor:
> I've only seen a few merge requests, and none of them from "ilf"

Sorry, my Gitlab skills are weak. I created patches but forgot to create 
merge requests. They are now submitted, but unfortunately against the 
now-outdated version. I assume that some are fixed, but most should 
still work to merge easily.

>> I wonder about the definition of "certificate discovery" here. Even 
>> without UIDs, these keystores could be used for the *retrieval* of 
>> specific certificates whose fingerprint (or key ID) is known. This can 
>> be the case for signatures (over mails, software or documents) or 
>> keylists like in https://tools.ietf.org/html/draft-mccain-keylist
> I agree, but this distinction is what the document already tries to make 
> between certificate *discovery* (lookup by UID or UID substring) and 
> certificate *update* (lookup by primary key fingerprint).

The "Terminology" section sais:

> "Certificate discovery" is the process whereby a user retrieves an 
> OpenPGP certificate based on user ID
> "Certificate update" is the process whereby a user fetches new 
> information about a certificate

IMHO:

> "Certificate discovery" is the process whereby a user retrieves an 
> OpenPGP certificate based on the fingerprint (or key ID)

With this definition, every "update" is a "retrieval", but not every 
"retrieval" is an "update". I'm not sure how helpful yet another term 
would be, maybe could leave it our for simplicity, but I for one 
stumbled across that section.

-- 
ilf

If you upload your address book to "the cloud", I don't want to be in it.

v2.23.0 | Report a Bug | By Email