Re: [openpgp] Overhauling User IDs / Standardizing User Attributes

Wiktor Kwapisiewicz <wiktor@metacode.biz> Wed, 27 June 2018 12:05 UTC

To: openpgp@ietf.org
References: <39e598e1-2bc0-32c9-3489-4bb6ca2a631b@leo.gaspard.ninja> <871sdw24yd.wl-neal@walfield.org> <c2e6bbe7-0694-8193-bb76-dd50fde7d967@leo.gaspard.ninja> <d28d8f8b-b261-eb29-97bc-9c7159a62ce6@leo.gaspard.ninja> <67153bb3-8ec7-5b30-3d11-22fce0681b47@metacode.biz> <2d737acb-0ce9-b703-ceb9-29c9a2ef2c0e@leo.gaspard.ninja> <6f540f57-637c-f94c-4001-96ea9d14007f@metacode.biz> <fcb5b381-b8d2-79a2-383c-b9eb7b556307@leo.gaspard.ninja>
From: Wiktor Kwapisiewicz <wiktor@metacode.biz>
Openpgp: id=653909A2F0E37C106F5FAF546C8857E0D8E8F074; url=https://metacode.biz/@wiktor/openpgp/key
Organization: Metacode
Message-ID: <16e7c274-80d2-e35b-2d3a-a70bf39ebddc@metacode.biz>
Date: Wed, 27 Jun 2018 14:05:41 +0200
MIME-Version: 1.0
In-Reply-To: <fcb5b381-b8d2-79a2-383c-b9eb7b556307@leo.gaspard.ninja>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/UKAElMBb3DI0VDCom7cVs74Wgbk>
Subject: Re: [openpgp] Overhauling User IDs / Standardizing User Attributes

Hi Leo,

>> But I'm not in favor of other attributes:
>>    - "role" (e.g. "Qubes OS developer"), who would verify that? Probably
>> only some kind of master Qubes key should sign it, but then how do we
>> know if this is a correct master Qubes key? Wouldn't an e-mail in the form of
>> user@developers.qubes.com better express that? (for the record I also
>> don't like "project X signing key" comments but that's another story),
>>    - "pseudonym", also not clear what the rules for signing this ID are,
> 
> Well, I don't really like them either, but that'd be a way for people to
> have a place to put the information they currently appear to want to put
> in their User ID fields. The aim of these fields is mostly to avoid
> misuse of other fields.

I think the root of the problem is that people either input something 
because there is a Comment field, or they think they need to input 
something there (e.g. "Work").

In the first case it's slowly getting better as tools such as gpg have 
sensible defaults now (for example, they don't ask for a comment when 
creating keys).

In the second case a good solution would just be educating people (for 
example making them familiar with this timeless piece:
https://dkg.fifthhorseman.net/blog/openpgp-user-id-comments-considered-harmful.html).

> I'd think the concept of saying “a key is valid” is likely a problem
> anyway, as a key is always valid, and the only thing that can be checked
> is the validity of the association between a User ID and a key (for the
> WoT, there is no need to have a key “valid” for trusting it, so I guess
> the change shouldn't generate any issue).

By "valid" I meant the strict technical term used by gpg (see e.g. this 
excellent resource:
https://www.linux.com/learn/pgp-web-trust-core-concepts-behind-trusted-communication).

> So this would require quite some changes especially around the user
> interface, that couldn't just display a valid User ID as “key handle” as
> is currently done by at least GnuPG and Enigmail, but would also have to
> reconstruct something intelligent to display based on the set of
> validated User Attributes.

Exactly. And this kind of modification that requires changing all tools 
along the path, for a standard as widely used as OpenPGP, can be hard to 
pull off.

Kind regards,
Wiktor
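The message above touches three mechanics without showing them: the conventional "Name (Comment) <email>" layout of a User ID (and why the comment slot invites misuse), gpg's strict sense of a "valid" User ID (validity is a property of the User ID/key binding, computed from certifications by keys the user has assigned ownertrust to), and the practice of showing a valid User ID as the key's handle in a UI. The following Python is an added example written for this page; it is not code from the original thread, from gpg or from any other OpenPGP implementation. It assumes the conventional User ID layout (RFC 4880 only defines a User ID as free-form UTF-8), uses gpg's classic defaults of 1 fully trusted or 3 marginally trusted certifiers as a simplified trust model (certification depth, expiry and revocation are ignored), and all fingerprints and User IDs are constructed sample values.

```python
"""Simplified model of User ID parsing, gpg-style User ID validity and
key-handle selection. Added example; not gpg's own logic."""
import re
from collections import namedtuple

# Conventional "Name (Comment) <email>" layout. Assumption of this example:
# RFC 4880 leaves User IDs free-form; the layout is a convention that tools
# such as gpg happen to parse and display.
_UID_RE = re.compile(
    r"^\s*(?P<name>[^(<]*?)\s*"
    r"(?:\((?P<comment>[^)]*)\)\s*)?"
    r"(?:<(?P<email>[^>]*)>)?\s*$"
)


def parse_user_id(uid):
    """Split a User ID into name/comment/email; absent parts are None."""
    m = _UID_RE.match(uid)
    if m is None:
        return {"name": uid.strip(), "comment": None, "email": None}
    return {k: ((v or "").strip() or None) for k, v in m.groupdict().items()}


# A certification (0x10-0x13 signature) binds one User ID to one key and
# is issued by some certifier key. Fingerprints here are placeholders.
Certification = namedtuple("Certification", "key uid certifier")

# gpg's classic defaults (--completes-needed / --marginals-needed);
# the simplified model below ignores certification depth, expiry, revocation.
COMPLETES_NEEDED = 1
MARGINALS_NEEDED = 3


def user_id_validity(key_fpr, uid, certifications, ownertrust):
    """Validity of the (uid, key) binding given the user's ownertrust map.

    Returns one of "ultimate", "full", "marginal", "unknown". Note that
    the key itself is never "valid"; only its User ID bindings are.
    """
    if ownertrust.get(key_fpr) == "ultimate":
        return "ultimate"          # the user's own key
    full = marginal = 0
    for c in certifications:
        if c.key != key_fpr or c.uid != uid:
            continue
        if c.certifier == key_fpr:
            continue               # self-signature does not convey validity
        level = ownertrust.get(c.certifier, "unknown")
        if level in ("ultimate", "full"):
            full += 1
        elif level == "marginal":
            marginal += 1
    if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
        return "full"
    if marginal > 0:
        return "marginal"
    return "unknown"


def key_handle(key_fpr, uids, certifications, ownertrust):
    """What a UI such as GnuPG or Enigmail could show for the key: the first
    fully valid User ID, or the bare fingerprint if none qualifies."""
    for uid in uids:
        if user_id_validity(key_fpr, uid, certifications, ownertrust) in ("full", "ultimate"):
            return uid
    return key_fpr


# Constructed sample data (placeholder fingerprints, not real keys).
ME = "FPR-ME"
BOB = "FPR-BOB"
OWNERTRUST = {ME: "ultimate", "FPR-CAROL": "full",
              "FPR-DAVE": "marginal", "FPR-ERIN": "marginal", "FPR-FRANK": "marginal"}
BOB_UIDS = ["Bob (Work) <bob@example.com>", "Bob <bob@example.org>"]
CERTS = [
    Certification(BOB, BOB_UIDS[0], BOB),          # self-signature, ignored
    Certification(BOB, BOB_UIDS[0], "FPR-DAVE"),   # marginal
    Certification(BOB, BOB_UIDS[0], "FPR-ERIN"),   # marginal -> still only "marginal"
    Certification(BOB, BOB_UIDS[1], "FPR-CAROL"),  # full -> "full"
]

if __name__ == "__main__":
    for uid in BOB_UIDS:
        print(parse_user_id(uid), user_id_validity(BOB, uid, CERTS, OWNERTRUST))
    print("handle:", key_handle(BOB, BOB_UIDS, CERTS, OWNERTRUST))
```

Running it shows the point of the thread: the first User ID carries a comment ("Work") that no certifier verified and that two marginal certifications still leave only marginally valid, while the plain second User ID becomes the key handle on the strength of one fully trusted certification. Adding a third marginal certification to the first User ID lifts it to "full" under the default thresholds.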