Re: [openpgp] Overhauling User IDs / Standardizing User Attributes (was: Re: Scoped trust (signatures))
Leo Gaspard <ietf@leo.gaspard.ninja> Thu, 28 June 2018 09:35 UTC
Return-Path: <ietf@leo.gaspard.ninja>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 257DB130F2D for <openpgp@ietfa.amsl.com>; Thu, 28 Jun 2018 02:35:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=leo.gaspard.ninja
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JFcEBdg7EI53 for <openpgp@ietfa.amsl.com>; Thu, 28 Jun 2018 02:35:29 -0700 (PDT)
Received: from smtp.gaspard.ninja (grym.ekleog.org [94.23.42.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7107C130E89 for <openpgp@ietf.org>; Thu, 28 Jun 2018 02:35:29 -0700 (PDT)
Received: by smtp.gaspard.ninja (OpenSMTPD) with ESMTP id c5549cc3 for <openpgp@ietf.org>; Thu, 28 Jun 2018 09:35:24 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=leo.gaspard.ninja; h=subject:references:from:to:message-id:date:mime-version :in-reply-to:content-type:content-transfer-encoding; s= grym-20170528; bh=LP21YjrEcMPk657hORVKnx6CdV8=; b=sZGwNmQ/vqSClw 4mwGXKmOwfehOU7AOJTkXxSdV1DQDjzoM5hGZ46Hc/u5Byh2Zc86K+IipZx63KW7 McN7ZAfPhKbal84XvJgsJDHj1UHt/eELcFPg+8rAyZ0XSauVbJwHXbEMBj1H54Jx NyphDn/37fzwsT6uUPvl7Dh1kb/GA=
Received: by smtp.gaspard.ninja (OpenSMTPD) with ESMTPSA id 3055fb69 (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128:NO) for <openpgp@ietf.org>; Thu, 28 Jun 2018 09:35:24 +0000 (UTC)
References: <39e598e1-2bc0-32c9-3489-4bb6ca2a631b@leo.gaspard.ninja> <871sdw24yd.wl-neal@walfield.org> <c2e6bbe7-0694-8193-bb76-dd50fde7d967@leo.gaspard.ninja> <d28d8f8b-b261-eb29-97bc-9c7159a62ce6@leo.gaspard.ninja> <118e5b9d-de9e-aa14-d8b4-19ef259f3d0a@ruhr-uni-bochum.de> <e63924fe-95b2-dcf8-5726-b0497945ac74@leo.gaspard.ninja> <f31349e2-e509-4e06-6db5-2ff0ffb213a5@ruhr-uni-bochum.de> <3996841a-b6ae-8769-2de8-b35351c54719@leo.gaspard.ninja> <8E4410C7-9370-492C-838F-857983CA67FC@icloud.com>
From: Leo Gaspard <ietf@leo.gaspard.ninja>
To: openpgp@ietf.org
Message-ID: <8a608b9f-f96b-466d-a0b8-7d1aa39ab011@leo.gaspard.ninja>
Date: Thu, 28 Jun 2018 11:35:24 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0
MIME-Version: 1.0
In-Reply-To: <8E4410C7-9370-492C-838F-857983CA67FC@icloud.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/q6c7cQxHUO4-Bm_FCv31v4EYp_k>
Subject: Re: [openpgp] Overhauling User IDs / Standardizing User Attributes (was: Re: Scoped trust (signatures))
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jun 2018 09:35:33 -0000
On 06/28/2018 03:44 AM, Jon Callas wrote: > Forgive me, Leo, but I don’t understand what problem you’re trying to solve, but I’m going to say that’s my fault. Nonetheless, could you reiterate for those of us who weren’t paying proper attention before? No problem! > UserIDs are intentionally a huge hand wave. It’s an arbitrary UTF-8 field. Put whatever you want into it. Yes, by convention it’s an email address, but even at the time that that was common it was convention only. When I was with PGP Corporation, we made software signing keys that merely said they were software signing keys, as well as other keys that had no email address, but a text description of what they were. Well, the idea is that User IDs are a huge hand wave indeed, and that seems to make exploiting this hard, esp. around signature, as that most often means (in my experience) that I can't sign an email address without signing a name and reciprocally. So I think splitting the User IDs into orthogonal fields would make signing these fields (as well as setting trust signatures with constraints) much easier. Currently, the fields I am thinking of would be defined as User Attributes, and would be: * name (for the real-world name of the owner) * email * role (would fit the software signing key case, or role of the owner of a key inside an organization) * pseudonym (not really sure this one would be really useful, but this would allow people's signing policy for pseudonyms to differ from the signing policy for names, eg. noticing persistent use of the same pseudonym vs. checking government-issued ID, without misleading verifiers into thinking that the pseudonym was actually a government-validated name) * free form tag=value (for eg. xmpp=foo@example.org, github=bar, etc.) Not all of these fields would need to be filled-in, obviously, and a key could have any number of each. The main point of this is to make eg. automated signature of email addresses possible without impacting user interface by requiring an email address in a separate User ID. Also, I don't think it would reduce the freedom currently offered by User IDs, because there would always be the free form tag=value User Attribute for marginal cases. But it would incite people to put the right value into the right field, and would likely make life easier for both automated and non-automated signers. Is what I'm thinking of more clear now? :) > There’s no reason you can’t put whatever you want in some other sub-packet or what. The problem with putting it in another sub-packet is that it can't replace User IDs, and User IDs will thus always be the thing that is used for signature and verification. And this would mean there would be no point in this change.
- Re: [openpgp] Overhauling User IDs / Standardizin… Leo Gaspard
- Re: [openpgp] Overhauling User IDs / Standardizin… Leo Gaspard
- Re: [openpgp] Overhauling User IDs / Standardizin… Wyllys Ingersoll
- Re: [openpgp] Overhauling User IDs / Standardizin… Leo Gaspard
- Re: [openpgp] Overhauling User IDs / Standardizin… Wiktor Kwapisiewicz
- Re: [openpgp] Overhauling User IDs / Standardizin… Leo Gaspard
- [openpgp] Overhauling User IDs / Standardizing Us… Marcus Brinkmann
- Re: [openpgp] Overhauling User IDs / Standardizin… Leo Gaspard
- Re: [openpgp] Overhauling User IDs / Standardizin… Leo Gaspard
- Re: [openpgp] Overhauling User IDs / Standardizin… Marcus Brinkmann
- Re: [openpgp] Overhauling User IDs / Standardizin… Wiktor Kwapisiewicz
- Re: [openpgp] Overhauling User IDs / Standardizin… Leo Gaspard
- Re: [openpgp] Scoped trust (signatures) Vincent Breitmoser
- Re: [openpgp] Overhauling User IDs / Standardizin… Wiktor Kwapisiewicz
- Re: [openpgp] Overhauling User IDs / Standardizin… Wiktor Kwapisiewicz
- Re: [openpgp] Overhauling User IDs / Standardizin… Jon Callas
- [openpgp] Overhauling User IDs / Standardizing Us… Leo Gaspard
- Re: [openpgp] Overhauling User IDs / Standardizin… Leo Gaspard
- Re: [openpgp] Overhauling User IDs / Standardizin… Jon Callas
- Re: [openpgp] Overhauling User IDs / Standardizin… Wiktor Kwapisiewicz
- Re: [openpgp] Overhauling User IDs / Standardizin… Wiktor Kwapisiewicz
- Re: [openpgp] Overhauling User IDs / Standardizin… Leo Gaspard
- Re: [openpgp] Overhauling User IDs / Standardizin… Leo Gaspard
- Re: [openpgp] Overhauling User IDs / Standardizin… Derek Atkins
- Re: [openpgp] Overhauling User IDs / Standardizin… Leo Gaspard
- Re: [openpgp] Overhauling User IDs / Standardizin… Leo Gaspard
- Re: [openpgp] Overhauling User IDs / Standardizin… Bill Frantz
- Re: [openpgp] Overhauling User IDs / Standardizin… Jon Callas
- Re: [openpgp] Overhauling User IDs / Standardizin… Wiktor Kwapisiewicz
- [openpgp] Scoped trust (signatures) Leo Gaspard
- Re: [openpgp] Scoped trust (signatures) Neal H. Walfield
- [openpgp] Overhauling User IDs / Standardizing Us… Leo Gaspard
- Re: [openpgp] Overhauling User IDs / Standardizin… Vincent Breitmoser
- Re: [openpgp] Overhauling User IDs / Standardizin… Leo Gaspard
- Re: [openpgp] Scoped trust (signatures) Jon Callas
- Re: [openpgp] Scoped trust (signatures) Jon Callas
- Re: [openpgp] Scoped trust (signatures) Leo Gaspard
- Re: [openpgp] Scoped trust (signatures) Vincent Breitmoser
- Re: [openpgp] Scoped trust (signatures) Neal H. Walfield
- Re: [openpgp] Scoped trust (signatures) Jon Callas
- Re: [openpgp] Scoped trust (signatures) Jon Callas
- Re: [openpgp] Scoped trust (signatures) Christian Huitema