Re: [openpgp] 1PA3PC: first-party attested third-party certifications (making Key Server Prefs no-modify actionable)

Werner Koch <wk@gnupg.org> Fri, 06 September 2019 07:55 UTC

From: Werner Koch <wk@gnupg.org>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Cc: Benjamin Kaduk <kaduk@mit.edu>, Heiko Stamer <HeikoStamer@gmx.net>, openpgp@ietf.org
References: <87tva1am9t.fsf@fifthhorseman.net> <20190831060419.GV84368@kduck.mit.edu> <87o90377zh.fsf@fifthhorseman.net>
Organisation: GnuPG e.V.
Date: Fri, 06 Sep 2019 09:49:43 +0200
In-Reply-To: <87o90377zh.fsf@fifthhorseman.net> (Daniel Kahn Gillmor's message of "Sun, 01 Sep 2019 22:22:10 -0400")
Message-ID: <87o8zxq2y0.fsf@wheatstone.g10code.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/ZwaNM6ZaNwt6UGWys2RAalaDdLg>

On Sun,  1 Sep 2019 22:22, dkg@fifthhorseman.net said:

> Of these three, it looks to me like "Intended Recipient" (MR 19) already
> has multiple interoperable implementations, and "Attested
> Certifications"+"Attestation Key Signature" (MR 20) appears to be
> relatively uncontroversial.

I have merged these two patches.

> "Designated Revoker" (MR 18) has raised the most objections on the list,
> perhaps in part because it explicitly deprecates the old "Revocation
> Key" subpacket.

I didn't step into the discussion but I do not see a reason for it.
It adds so much complexity to this area and it seems to be out of scope
of the original goal of that WG.  In fact we already added more stuff
than planned and long-winded discussion about implementation details led
to the closing of the WG.

The attestation thing is really useful to keep current OpenPGP workflows
alive.

> Perhaps we should make a new revision of rfc4880bis with MRs 19 and 20
> merged, since the jury is still out on MR 19.  Then we can use that as
> the basis for the IANA pre-allocation.  Does that seem like a reasonable
> next step?

Will do so.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.