Re: [openpgp] OpenPGPv5 wish list

Werner Koch <> Mon, 29 April 2013 18:48 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7ABFD21F9AE5 for <>; Mon, 29 Apr 2013 11:48:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -9.651
X-Spam-Status: No, score=-9.651 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, SARE_UNSUB22=0.948]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 4Wc1rutsth6I for <>; Mon, 29 Apr 2013 11:48:19 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 07E9F21F9A6A for <>; Mon, 29 Apr 2013 11:48:18 -0700 (PDT)
Received: from uucp by with local-rmail (Exim 4.80 #2 (Debian)) id 1UWt7Y-0007j7-QR for <>; Mon, 29 Apr 2013 20:48:16 +0200
Received: from wk by with local (Exim 4.80 #3 (Debian)) id 1UWszp-0001b9-NZ; Mon, 29 Apr 2013 20:40:17 +0200
From: Werner Koch <>
To: Philippe Cerfon <>
References: <>
Organisation: g10 Code GmbH
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: id=1E42B367;
Date: Mon, 29 Apr 2013 20:40:17 +0200
In-Reply-To: <> (Philippe Cerfon's message of "Mon, 29 Apr 2013 19:53:40 +0200")
Message-ID: <>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Subject: Re: [openpgp] OpenPGPv5 wish list
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 29 Apr 2013 18:48:24 -0000

On Mon, 29 Apr 2013 19:53, said:

> Well actually the contrary seems to be the case... OpenPGP is rather
> only used for mail and plain file encryption/signing, which covers of
> course already many fields, but nothing advanced.

Depends on what you call advanced.  OpenPGP is a low-level protocol and
never really tried to address the application layer. 

> It would never have any chance to be used for government ID cards, or
> similar projects.

Why should a government do that?  eID cards started in Europe (iirc, the
German electronic signature law was the first at all).  Europe has a
history of waiting for X, aehmm the OSI network stack, and thus it is
quite obvious that they started with X.400 et al.  Further, you can make
more (consulting) money with weakly defined/complex protocols than with
a clean solution.  The latter almost never wins (cf. IPSec lessons).

> Yeah I knew... but right now it's also used for the name of the user,
> which is the primary identification property... and it shouldn't be
> used for that (from a design POV).

Maybe not for your application, so go and use your own thing for it.
There is nothing which will stop you.  What about putting a DN into it?

> Obviously I don't want X.509 or I'd use it.
> And I don't see how this is touched by X.509 anyway.

Because X.509 has all the useless bells and whistles which have been
suggested in the past as the solution to every problem.  Well alright,
OpenPGP provides very similar ways to implement such features but
fortunately it has not yet been abused

> simply as no-one uses it... yeah I know, gpg understands it... but one
> cannot even set it, can one?

  gpg -N '!'; ....

makes foo a critical notation.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.