IETF Logo Mail Archive

[openpgp] OpenPGP private certification [was: Re: Manifesto - who is the new OpenPGP for?]

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 28 March 2015 18:53 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA71B1A8F44 for <openpgp@ietfa.amsl.com>; Sat, 28 Mar 2015 11:53:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.2
X-Spam-Level:
X-Spam-Status: No, score=-1.2 tagged_above=-999 required=5 tests=[BAYES_50=0.8, GB_I_LETTER=-2] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n0dAL8znayOF for <openpgp@ietfa.amsl.com>; Sat, 28 Mar 2015 11:53:25 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id A09DD1A8F3D for <openpgp@ietf.org>; Sat, 28 Mar 2015 11:53:25 -0700 (PDT)
Received: from fifthhorseman.net (ool-6c3a0662.static.optonline.net [108.58.6.98]) by che.mayfirst.org (Postfix) with ESMTPSA id 957B5F987; Sat, 28 Mar 2015 14:53:22 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 1D7F021573; Sat, 28 Mar 2015 10:56:11 -0500 (CDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Phillip Hallam-Baker <phill@hallambaker.com>, Brian Sniffen <bsniffen@akamai.com>
In-Reply-To: <CAMm+LwjBuZfP4NwRCy23_d9eRtcfUiLKdyZOu+jYT72HfB0g9g@mail.gmail.com>
References: <CAA7UWsUz65C0GAQo8Yf7ZOeT9BYy+NLV5pbbPg+Ok0-72ca1eA@mail.gmail.com> <1426721882.4249.72.camel@scientia.net> <5510578A.80304@iang.org> <1427140788.10191.75.camel@scientia.net> <5510B7CF.8060308@iang.org> <1427168189.10191.241.camel@scientia.net> <5511FE82.6010807@iang.org> <1427243451.10191.375.camel@scientia.net> <5512F137.80702@iang.org> <CAHBU6isgirHnx+gHP+OiHuvhzD+1OTCShCHEkhWcqEmUn9qnzQ@mail.gmail.com> <CAMm+LwiXKf1DvgbHaZoJnKdCVbak-jderv6Z8KDs9xPEbUuYQQ@mail.gmail.com> <1427343948.23692.14.camel@scientia.net> <CAMm+Lwi5bVTujuazTXw7oRty7n5RtsObEfNrJzmbtPiOb-X25g@mail.gmail.com> <m27fu3fsom.fsf@usma1mc-0csx92.kendall.corp.akamai.com> <CAMm+LwjBuZfP4NwRCy23_d9eRtcfUiLKdyZOu+jYT72HfB0g9g@mail.gmail.com>
User-Agent: Notmuch/0.18.2 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-pc-linux-gnu)
Date: Sat, 28 Mar 2015 11:56:11 -0400
Message-ID: <87vbhlt8tg.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/dQrd3YOCYvyAZ8yK-qqoa_Lbocw>
Cc: Christoph Anton Mitterer <calestyo@scientia.net>, IETF OpenPGP <openpgp@ietf.org>
Subject: [openpgp] OpenPGP private certification [was: Re: Manifesto - who is the new OpenPGP for?]
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Mar 2015 18:53:29 -0000

On Thu 2015-03-26 15:58:57 -0500, Phillip Hallam-Baker wrote:
> Yep, I don't actually rate a keysignature as being worth anything
> until it is enrolled in a TRANS like log.

I think this perspective is dangerous to privacy, if we want to be able
to support non-public certifications.

I often certify people's keys publicly (or i make OpenPGP certifications
and send them to the subject and let them decide whether to publish them
or not).  But i also think it's important to be able to make a
non-logged, non-public "letter of introduction", to be handed off when
needed.  OpenPGPv4 already supports this in the form of non-exportable
signatures.  The UI/UX for this is abysmal in most clients today (anyone
with UI/UX cycles to spare who wants some brainstorming ideas about how
to improve this, please talk to me), but it would be a real shame to
change the protocol in such a way to rule this technique out completely.

Parties who are globally relied-upon (e.g. the X.509 CAs that everyone
implicitly "trusts") should definitely be publicly logged.

But not everyone who certifies is in (or should be in) that position;
some of these relationships are private, and we should not force people
to publish them.

        --dkg

v2.23.0 | Report a Bug | By Email