Re: [openpgp] Scoped trust (signatures)
"Neal H. Walfield" <neal@walfield.org> Sun, 27 May 2018 20:56 UTC
Date: Sun, 27 May 2018 22:56:10 +0200
Message-ID: <871sdw24yd.wl-neal@walfield.org>
From: "Neal H. Walfield" <neal@walfield.org>
To: Leo Gaspard <ietf=40leo.gaspard.ninja@dmarc.ietf.org>
Cc: openpgp@ietf.org
In-Reply-To: <39e598e1-2bc0-32c9-3489-4bb6ca2a631b@leo.gaspard.ninja>
References: <39e598e1-2bc0-32c9-3489-4bb6ca2a631b@leo.gaspard.ninja>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/S7sDU5PQ3VR5bmRuvreJogUfvR4>

Hi Leo,

On Fri, 18 May 2018 22:26:03 +0200,
Leo Gaspard wrote:
> As I understand it, RFC4880 already has a provision for such a model,
> with §5.2.3.14 _Regular Expression_.
>
> However, there is from my reading an issue with (the wording of) this
> section: it only restricts one-level trust signatures. In other words,
> from my reading, if:
>  * User U trusts(255, r".*<.*@ca-a.com>") "A <root@ca-a.com>"
>  * root@ca-a.com trusts(255, r".*<.*@example.org>") "B <b@ca-a.com>"
>  * b@ca-a.com signs "C <c@example.org>"
>
> Then, from A's point of view:
>  * root@ca-a.com has trust(255, r".*<.*@ca-a.com>")
>  * b@ca-a.com has trust(254, r".*<.*@example.org>")
>  * c@example.org is valid

For reference, here's the relevant text:

  5.2.3.14.  Regular Expression

     Used in conjunction with trust Signature packets (of level > 0) to
     limit the scope of trust that is extended.  Only signatures by the
     target key on User IDs that match the regular expression in the
     body of this packet have trust extended by the trust Signature
     subpacket.

I interpret this differently.  I interpret "to limit the scope of the
trust that is extended" to mean that the source extends *its* trust to
the target.  That is, trust is not somehow reset when following an
edge in the graph, but either passed on as is or narrowed.

> However, I don't think c@example.org should be valid, as user U only
> wanted to give permissions on r".*<.*@ca-a.com>" to root@ca-a.com. So I
> think all regular expressions in the trust chain should have to match in
> order to not be rejected -- in a similar fashion as the DNSSEC model.
>
> So the “wrong” line here would be b@ca-a.com's trust, which should be
> calculated as trust(254, r".*<.*@example.org>" AND r".*<.*@ca-a.com>").

Even if the standard is wrong here, this is definitely a more useful
and non-broken approach, and, I suspect, almost certainly what was
intended.

> Another issue of this scheme, obviously, is that no one “in the wild”
> currently uses regular expression subpackets (that I know of).

Not only does almost no one use regular expressions, but regular
expression support is not very widely supported (GnuPG doesn't support
regular expressions on Windows), and until recently broken in GnuPG
(see https://dev.gnupg.org/T2923).

I would like to make a counter proposal, that Vincent and I came up
with at FOSDEM: I think that we should deprecate Regular Expression
support and replace it with a list of domains (optionally prefixed
with "*." to indicate any subdomain).

First, most users don't understand regular expressions.  And, although
it would be possible to allow users to enter one or more domains and
then convert them to a regular expression, it is not easy to reverse
this process, which is essential for explanatory purposes and editing.
Second, not including an RE engine reduces complexity.

:) Neal
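
Added illustration, not part of the message above and not taken from any OpenPGP implementation: a small model of the chain from the quoted example, using the domain-list scopes of the counter-proposal in place of regular expressions, that evaluates the same path under the "scope resets at each edge" reading and under the "passed on or narrowed" reading. The function names, the tuple layout of a path, and the choice that "*.example.org" covers strict subdomains only are assumptions.

```python
# Added example: names and the exact "*." semantics are assumptions.

def email_domain(user_id):
    """Domain of a 'Name <local@domain>' User ID, lowercased, or None."""
    start, end = user_id.rfind("<"), user_id.rfind(">")
    if start == -1 or end < start:
        return None
    local, at, domain = user_id[start + 1:end].rpartition("@")
    return domain.lower() if at and local and domain else None

def in_scope(user_id, scope):
    """scope is a list of domains; '*.example.org' is assumed to mean any
    strict subdomain of example.org, but not example.org itself."""
    domain = email_domain(user_id)
    if domain is None:
        return False
    for entry in (e.lower() for e in scope):
        if entry.startswith("*."):
            suffix = entry[1:]  # ".example.org", so "evilexample.org" fails
            if domain.endswith(suffix) and len(domain) > len(suffix):
                return True
        elif domain == entry:
            return True
    return False

def path_validates(path, target_uid, narrowing=True):
    """path: [(introducer_uid, level, scope), ...], starting with the user's
    own trust signature; the last introducer certified target_uid.
    narrowing=True: every scope on the path must match (trust is narrowed).
    narrowing=False: only the most recent scope applies (trust is reset)."""
    depth, scopes = None, []
    for uid, level, scope in path:
        # The introducer's own User ID must satisfy the scopes in force.
        if not all(in_scope(uid, s) for s in scopes):
            return False
        # Each hop consumes one level of delegation depth.
        depth = level if depth is None else min(level, depth - 1)
        if depth < 1:
            return False
        scopes = scopes + [scope] if narrowing else [scope]
    return all(in_scope(target_uid, s) for s in scopes)

# Constructed from the chain in the quoted example (U -> A -> B -> C).
PATH = [("A <root@ca-a.com>", 255, ["ca-a.com"]),
        ("B <b@ca-a.com>", 255, ["example.org"])]

if __name__ == "__main__":
    print(path_validates(PATH, "C <c@example.org>", narrowing=False))
    print(path_validates(PATH, "C <c@example.org>", narrowing=True))
```

Because each scope is a plain list of domains, the list a user entered can be shown back and edited as is, with no regular expression to reverse.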