Re: [openpgp] Overhauling User IDs / Standardizing User Attributes

The problem I see with all of these suggestions is that there is no way to
actually "verify" the data that someone puts into these fields without some
sort of standardized and trusted verification service, which is way out of
scope for the OpenPGP spec. Also, adding many more user attributes *will*
complicate UIs beyond gnupg and enigmail. Consider mobile applications such
as ipgmail [mine] and others where screen real estate is at a premium and
users dont want to type lots of info into complex forms that are not well
understood by the average user.  The whole "web of trust" is not really
codified or enforced in a formal way, its pretty much up to individuals to
decide on the trust level they want to assign to a key (or userids
associated with the key), many users ignore it entirely and happily use the
key and assume the UID is correct.  Why would this be any better?

Im not convinced that the proposal to break up the UID into lots of
separate attributes is enhancing the security or usability for the general
PGP user community, though I can see it having value in some specialized
cases and perhaps it could be a foundation for building a better
trust/verification system.

-Wyllys Ingersoll

On Wed, Jun 27, 2018 at 8:06 AM Wiktor Kwapisiewicz <wiktor=
40metacode.biz@dmarc.ietf.org> wrote:

> Hi Leo,
>
> >> But I'm not in favor of other attributes:
> >>    - "role" (e.g. "Qubes OS developer"), who would verify that? Probably
> >> only some kind of master Qubes key should sign it but then how do we
> >> know if this is a correct master Qubes key? Wouldn't e-mail in form of
> >> user@developers.qubes.com better express that? (for the record I also
> >> don't like "project X signing key" comments but that's another story),
> >>    - "pseudonym", also not clear what are the rules of signing this ID,
> >
> > Well, I don't really like them either, but that'd be a way for people to
> > have a place to put the information they currently appear to want to put
> > in their User ID fields. The aim of these fields is mostly to avoid
> > misuse of other fields.
>
> I think the root of the problem is that people either input something
> because there is a Comment field, or they think they need to input
> something there (e.g. "Work").
>
> In the first case it's slowly getting better as tools as gpg have
> sensible defaults now (for example, they don't ask for comment when
> creating keys).
>
> In the second case a good solution would just be educating people (for
> example making them familiar with this timeless piece:
>
> https://dkg.fifthhorseman.net/blog/openpgp-user-id-comments-considered-harmful.html
> ).
>
> > I'd think the concept of saying “a key is valid” is likely a problem
> > anyway, as a key is always valid, and the only thing that can be checked
> > is the validity of the association between a User ID and a key (for the
> > WoT, there is no need to have a key “valid” for trusting it, so I guess
> > the change shouldn't generate any issue).
>
> By "valid" I meant the strict technical term used by gpg (see e.g. this
> excellent resource:
>
> https://www.linux.com/learn/pgp-web-trust-core-concepts-behind-trusted-communication
> ).
>
> > So this would require quite some changes especially around the user
> > interface, that couldn't just display a valid User ID as “key handle” as
> > is currently done by at least GnuPG and Enigmail, but would also have to
> > reconstruct something intelligent to display based on the set of
> > validated User Attributes.
>
> Exactly. And this kind of modification that requires changing all tools
> along the path, for a standard so widely used as OpenPGP can be hard to
> pull off.
>
> Kind regards,
> Wiktor
>
> _______________________________________________
> openpgp mailing list
> openpgp@ietf.org
> https://www.ietf.org/mailman/listinfo/openpgp
>