IETF Logo Mail Archive

Re: [openpgp] Can the OpenPGP vs. S/MIME situation be fixed?

Derek Atkins <derek@ihtfp.com> Wed, 06 July 2016 15:00 UTC

Return-Path: <derek@ihtfp.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95DB112D0A4 for <openpgp@ietfa.amsl.com>; Wed, 6 Jul 2016 08:00:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ihtfp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DycpiLte0dNM for <openpgp@ietfa.amsl.com>; Wed, 6 Jul 2016 08:00:29 -0700 (PDT)
Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1AD5312B05F for <openpgp@ietf.org>; Wed, 6 Jul 2016 08:00:29 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id A9637E203F; Wed, 6 Jul 2016 10:59:57 -0400 (EDT)
Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 06418-09; Wed, 6 Jul 2016 10:59:55 -0400 (EDT)
Received: from securerf.ihtfp.org (IHTFP-DHCP-159.IHTFP.ORG [192.168.248.159]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mocana.ihtfp.org", Issuer "IHTFP Consulting Certification Authority" (verified OK)) by mail2.ihtfp.org (Postfix) with ESMTPS id B9B87E2040; Wed, 6 Jul 2016 10:59:54 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ihtfp.com; s=default; t=1467817194; bh=Wa77qmMVgW8Ghugkr2dxPlAc73UZrTV1z782487W+Og=; h=From:To:Cc:Subject:References:Date:In-Reply-To; b=Uj7ykXqBseOptuwAbLCjxl8k0ZUqeGrm/Nu8DPZBfzLRQzwFM9yJZcw5TfHIszYSQ APwUlzdIMXqols9mkMAVfyp416A5CiwHws11oeqTrD6/KvGXF/OqSIu+0YiaVEvFFL wQPieEmkQxI1ESimbOxeVBeDU3feaN4TwTsen69A=
Received: (from warlord@localhost) by securerf.ihtfp.org (8.15.2/8.14.8/Submit) id u66Exoe7024818; Wed, 6 Jul 2016 10:59:50 -0400
From: Derek Atkins <derek@ihtfp.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
References: <20160701153304.332d2c95@pc1> <874m86xq04.fsf@alice.fifthhorseman.net> <9A043F3CF02CD34C8E74AC1594475C73F4CB97D2@uxcn10-5.UoA.auckland.ac.nz> <5779E086.9000506@brainhub.org> <BAB41369-E007-4342-8E89-1F023EA851E1@icloud.com> <CAMm+Lwj5F3x4pqGQ2DjDxAqGxsoiBSqK5ToFi-A-nouNDPeH_A@mail.gmail.com>
Date: Wed, 06 Jul 2016 10:59:50 -0400
In-Reply-To: <CAMm+Lwj5F3x4pqGQ2DjDxAqGxsoiBSqK5ToFi-A-nouNDPeH_A@mail.gmail.com> (Phillip Hallam-Baker's message of "Tue, 5 Jul 2016 19:05:20 -0400")
Message-ID: <sjmwpkyq0bd.fsf@securerf.ihtfp.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Virus-Scanned: Maia Mailguard 1.0.2a
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/GXxpHhto38qomW4Xovb4vQ92GHY>
Cc: IETF OpenPGP <openpgp@ietf.org>, Jon Callas <joncallas@icloud.com>
Subject: Re: [openpgp] Can the OpenPGP vs. S/MIME situation be fixed?
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jul 2016 15:00:31 -0000

Phillip Hallam-Baker <phill@hallambaker.com> writes:

>     There's how you issue certificates (the whole CA/introducer issue(s)),
>     whether certs contain one key or key sets, how they are transported (S/
>     MIME puts them in the message, OpenPGP in directories etc.), and even the
>     role of the internal layering. Note that OpenPGP is a binary (and UTF-8 is
>     still binary) object protocol with a drizzling of MIME-encoding frosting
>     over the top. That frosting is subject to its own interpretations. S/MIME
>     in contrast *starts* with the email and MIME object and underneath there's
>     CMS, usually almost as an afterthought. (Did you have a momentary "huh?"
>     in your head when you read CMS? Many people do, and that's the point.) S/
>     MIME starts at the top, OpenPGP starts at the bottom.
>    
>     And oh, there are also other things that have to be re-hashed like ASN.1
>     all over again and the things it drags along like encoding rules. This is
>     a good deal why perhaps its better to just push the other things up into
>     software. The reason that there are the two standards is that they address
>     different views of the world, technical as well as political.
>
> ​Two views of the world that are rather absolutist and thus wrong. Some parts
> of the world are hierarchical, others are not. A trust infrastructure needs to
> support both. But it isn't clear such infrastructure is best implemented
> inside a client.

OpenPGP can support hierarchical certificate deployments just fine (my
company is building one) as well as the Web of Trust model.  X.509
cannot support a Web of Trust deployment, period.

So there is a clear winner here.

-derek
-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant

v2.23.0 | Report a Bug | By Email