IETF Logo Mail Archive

Re: [openpgp] Overhauling User IDs / Standardizing User Attributes (was: Re: Scoped trust (signatures))

Bill Frantz <frantz@pwpconsult.com> Mon, 02 July 2018 00:20 UTC

Return-Path: <frantz@pwpconsult.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A860130E31 for <openpgp@ietfa.amsl.com>; Sun, 1 Jul 2018 17:20:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.619
X-Spam-Level:
X-Spam-Status: No, score=-2.619 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KYvhhLXiR0-Q for <openpgp@ietfa.amsl.com>; Sun, 1 Jul 2018 17:20:20 -0700 (PDT)
Received: from elasmtp-dupuy.atl.sa.earthlink.net (elasmtp-dupuy.atl.sa.earthlink.net [209.86.89.62]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 86C90130E2B for <openpgp@ietf.org>; Sun, 1 Jul 2018 17:20:20 -0700 (PDT)
Received: from [47.143.125.3] (helo=Williams-MacBook-Pro.local) by elasmtp-dupuy.atl.sa.earthlink.net with esmtpa (Exim 4) (envelope-from <frantz@pwpconsult.com>) id 1fZma4-0002Zz-LT for openpgp@ietf.org; Sun, 01 Jul 2018 20:20:36 -0400
Date: Sun, 01 Jul 2018 17:20:18 -0700
From: Bill Frantz <frantz@pwpconsult.com>
To: openpgp@ietf.org
X-Priority: 3
In-Reply-To: <7CA41263-1E09-4866-A89E-EB6F01797257@icloud.com>
Message-ID: <r480Ps-10135i-EE3411724C4745B181C71C9EC4310E2D@Williams-MacBook-Pro.local>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Mailsmith 2.4.3 (480)
X-ELNK-Trace: 3a5e54fa03f1b3e21aa676d7e74259b7b3291a7d08dfec7977d65d788bef6b0fa658147f4bff8ac2350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
X-Originating-IP: 47.143.125.3
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/K1oaDrYqVkdwLy1qLkrUhH18kRs>
Subject: Re: [openpgp] Overhauling User IDs / Standardizing User Attributes (was: Re: Scoped trust (signatures))
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Jul 2018 00:20:22 -0000

On 7/1/18 at 5:10 PM, joncallas@icloud.com (Jon Callas) wrote:

>>On the other hand I like the "hand wavy" approach to User IDs, I think it's underutilized :-)
>
>Sure, but it means that you are using a generic text field in 
>ways that are hard to parse. Why not define it?

And needing to parse hard to parse fields is a well known 
security problem because the resulting bugs are often exploitable.

Cheers - Bill

--------------------------------------------------------------
Bill Frantz        | There are now so many exceptions to the
408-356-8506       | Fourth Amendment that it operates only by
www.pwpconsult.com | accident.  -  William Hugh Murray

v2.23.0 | Report a Bug | By Email