Re: [openpgp] Registration of the 'proof' notation

Wiktor Kwapisiewicz <wiktor@metacode.biz> Wed, 30 September 2020 13:04 UTC

To: "Neal H. Walfield" <neal@walfield.org>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>
References: <fd255115-b047-ca6a-9ce9-b2f30b0b459d@metacode.biz> <87v9fv36ob.wl-neal@walfield.org>
From: Wiktor Kwapisiewicz <wiktor@metacode.biz>
Organization: Metacode
Message-ID: <3d9d56f7-afa9-4e5e-884d-12e29d11ae0c@metacode.biz>
Date: Wed, 30 Sep 2020 15:04:34 +0200
In-Reply-To: <87v9fv36ob.wl-neal@walfield.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/igZkaK7AzwJSh1_CoLEcl_kRxB0>

Hi Neal,

Actually Vincent's draft was already discussed on the list in 2017
including the design decision of using User Attributes and I have to
agree with Werner's quote from back then:

> (...)  We have notation data which can be
> used to add meta data to a user id.
> 
> Hiding things which might act as identities in UAT does not feel right.
> We better keep UAT for what they are used today - for the more or less
> useless photo-ids

Source:
https://mailarchive.ietf.org/arch/msg/openpgp/zgGQW8qPtJ94tkEVDpDJNsAdkxE/

Yes, you can't certify notations but why would you want to certify my
Twitter handle? It's not up to you to decide if it's valid. The proof is
designed to be checked against the actual service (Twitter in this case).

> When Alice certifies that "Bob <bob@example.org>" controls the
> Certificate 0xBBBB, is she also certifying Bob's linked identities?

No, why would she? And why is this any different from Alice signing
Bob's User ID containing any other notation? Consider the alternative:
if Bob adds a notation to his User ID saying "Alice loves me" should Alice's
signature over that User ID be treated as her commitment? Clearly not.

As for the OpenKeychain example please note that the stable version
removed support for their linked identities [0].

[0]: https://github.com/open-keychain/open-keychain/pull/2408

It could be argued that it's the tooling that was missing but given that
both WKD and verifying keyservers strip User Attributes left and right
adding support for your design would require massive implementation
effort on all sides for a questionable benefit.

Thanks for your feedback!

Kind regards,
Wiktor

-- 
https://metacode.biz/@wiktor