Re: [openpgp] How to re-launch the OpenPGP WG
Kristian Fiskerstrand <kristian.fiskerstrand@sumptuouscapital.com> Tue, 17 March 2015 08:43 UTC
Message-ID: <5507E916.4040307@sumptuouscapital.com>
Date: Tue, 17 Mar 2015 09:43:02 +0100
From: Kristian Fiskerstrand <kristian.fiskerstrand@sumptuouscapital.com>
To: Christoph Anton Mitterer <calestyo@scientia.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/ZFzfI-6gkvv1Kl6TNUcFkX8cung>
Cc: openpgp@ietf.org
On 03/17/2015 04:59 AM, Christoph Anton Mitterer wrote:
> Also to answer Werner's comment ("OpenPGP does not define the Web
> of Trust. There is no standard for it.")
>
> On Fri, 2015-03-13 at 09:42 -0400, Derek Atkins wrote:
>> This was explicitly out of scope from the former OpenPGP WG. I
>> think that was a GOOD THING, and I believe it should remain out
>> of scope.
> I was probably a bit unclear in what I wrote. I've mainly meant:
> The functionality of OpenPGP shouldn't be limited in such a way
> that what we can do now with it (e.g. the web of trust, or trust
> hierarchies via the trust signatures) would no longer be possible.
>
> Apart from that I basically agree that OpenPGP itself (i.e. the RFC
> for the message format) shouldn't define a trust system (e.g. the
> web of trust), BUT: a) it might(!) make sense for another RFC to do
> this on an informal basis b) currently we have several things (well
> at least the different levels of user signatures 0x10-0x13) which
> are pretty much undefined, useless, ambiguous and therefore even
> dangerous. 0x10 and 0x11 have at least some "proper" definition,
> but they don't tell how implementations should react on them (=>
> dangerous). 0x12 and 0x13 are quite vague and ambiguous.

I fail to see either how this behaviour is dangerous or how it can be automated in a system with delegated certificate authorities. The signatures (except for 0x11) are treated the same by the implementations, which is fine. The information is still useful as metadata when performing manual analysis of a certification network and depends on a published certification policy by the issuer.

The uses not being explicit in the RFC does not mean they are vague and ambiguous, just that they are defined on a per-context / per-CA basis, and the RFC provides a mechanism to distinguish, although most users should normally always use 0x10.

--
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"History repeats itself; historians repeat each other"
(Philip Guedalla)
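
The certification types 0x10-0x13 discussed in this message are carried in the signature-type octet of each signature packet (RFC 4880). As an added example, not part of the original message, this sketch tallies them for the kind of manual analysis the reply mentions; the function names are hypothetical and `SAMPLE` is a constructed sequence of header stubs, not real signatures.

```python
from collections import Counter

# Certification signature types, RFC 4880 section 5.2.1.
CERT_TYPES = {0x10: "generic", 0x11: "persona", 0x12: "casual", 0x13: "positive"}

def iter_packets(data):
    """Yield (tag, body); partial and indeterminate lengths are rejected."""
    i = 0
    while i < len(data):
        hdr = data[i]
        i += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                       # new-format header
            tag, first = hdr & 0x3F, data[i]
            i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192
                i += 1
            elif first == 255:
                length = int.from_bytes(data[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body length not supported")
        else:                                # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            n = 1 << ltype
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def certification_summary(data):
    """Count certification signatures (packet tag 2) by type name."""
    counts = Counter()
    for tag, body in iter_packets(data):
        if tag != 2 or len(body) < 3 or body[0] not in (3, 4):
            continue
        sig_type = body[1] if body[0] == 4 else body[2]  # v3 has a length octet first
        if sig_type in CERT_TYPES:
            counts[CERT_TYPES[sig_type]] += 1
    return dict(counts)

# Constructed stubs: user ID, v4 0x10, old-format v4 0x13, v4 0x11, v3 0x12, v4 0x18.
SAMPLE = bytes.fromhex("cd05616c696365" "c2060410010a0000" "88060413010a0000"
                       "c2060411010a0000" "880f030512" + "00" * 12 + "c2060418010a0000")
```

The 0x18 subkey binding in the sample is skipped because it is not a certification over a user ID.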