IETF Logo Mail Archive

Re: [openpgp] Manifesto - who is the new OpenPGP for?

Brian Sniffen <bsniffen@akamai.com> Thu, 26 March 2015 19:46 UTC

Return-Path: <bsniffen@akamai.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E68721A8776 for <openpgp@ietfa.amsl.com>; Thu, 26 Mar 2015 12:46:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.611
X-Spam-Level:
X-Spam-Status: No, score=-2.611 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9cgd81Ck84qY for <openpgp@ietfa.amsl.com>; Thu, 26 Mar 2015 12:46:27 -0700 (PDT)
Received: from prod-mail-xrelay06.akamai.com (prod-mail-xrelay06.akamai.com [96.6.114.98]) by ietfa.amsl.com (Postfix) with ESMTP id A77981B2DF7 for <openpgp@ietf.org>; Thu, 26 Mar 2015 12:46:19 -0700 (PDT)
Received: from prod-mail-xrelay06.akamai.com (localhost.localdomain [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id D84A5165972; Thu, 26 Mar 2015 19:46:18 +0000 (GMT)
Received: from prod-mail-relay08.akamai.com (prod-mail-relay08.akamai.com [172.27.22.71]) by prod-mail-xrelay06.akamai.com (Postfix) with ESMTP id CD7F2165971; Thu, 26 Mar 2015 19:46:18 +0000 (GMT)
Received: from Tereva.local (unknown [172.19.112.199]) by prod-mail-relay08.akamai.com (Postfix) with ESMTP id 4BEEC9803E; Thu, 26 Mar 2015 19:46:18 +0000 (GMT)
From: Brian Sniffen <bsniffen@akamai.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>, Christoph Anton Mitterer <calestyo@scientia.net>
In-Reply-To: <CAMm+Lwi5bVTujuazTXw7oRty7n5RtsObEfNrJzmbtPiOb-X25g@mail.gmail.com>
References: <CAA7UWsUz65C0GAQo8Yf7ZOeT9BYy+NLV5pbbPg+Ok0-72ca1eA@mail.gmail.com> <1426721882.4249.72.camel@scientia.net> <5510578A.80304@iang.org> <1427140788.10191.75.camel@scientia.net> <5510B7CF.8060308@iang.org> <1427168189.10191.241.camel@scientia.net> <5511FE82.6010807@iang.org> <1427243451.10191.375.camel@scientia.net> <5512F137.80702@iang.org> <CAHBU6isgirHnx+gHP+OiHuvhzD+1OTCShCHEkhWcqEmUn9qnzQ@mail.gmail.com> <CAMm+LwiXKf1DvgbHaZoJnKdCVbak-jderv6Z8KDs9xPEbUuYQQ@mail.gmail.com> <1427343948.23692.14.camel@scientia.net> <CAMm+Lwi5bVTujuazTXw7oRty7n5RtsObEfNrJzmbtPiOb-X25g@mail.gmail.com>
User-Agent: Notmuch/0.19 (http://notmuchmail.org) Emacs/24.4.1 (x86_64-apple-darwin14.0.0)
Date: Thu, 26 Mar 2015 14:46:17 -0500
Message-ID: <m27fu3fsom.fsf@usma1mc-0csx92.kendall.corp.akamai.com>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/uy4dhHmVY2QqtDWRQoAT0sVBOVo>
Cc: IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] Manifesto - who is the new OpenPGP for?
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Mar 2015 19:46:29 -0000

Phillip Hallam-Baker <phill@hallambaker.com> writes:

> On Wed, Mar 25, 2015 at 6:25 PM, Christoph Anton Mitterer
> <calestyo@scientia.net> wrote:
>> On Wed, 2015-03-25 at 22:56 -0500, Phillip Hallam-Baker wrote:
>>> Web of Trust is a fine academic
>>> theory but it is not how OpenPGP is really used in the real world.
>> Lol?
>> How else do you use it?
>
> I see people using fingerprints directly mostly. Some download them
> from key servers.
>
> By Web of Trust I mean actually following a chain to check a key.

I walked a colleague through doing that today: she needs to send me a
secret, and I can't take time to call her and read a fingerprint.
Fortunately, my key had been signed by many other colleagues, and she
had trusted keys from a few of them.  It worked exactly as designed.

It's similarly helpful for new peole joining that group---new staff, in
that case.  This is just an anecdote, of course, but so is "I have
never...".  I expect there are little cells of WoT usage scattered
around, and little cells of blind trust, and little cells of
read-the-fingerprint---when strangers meet.

> No, I think there are quite a few things that we can do today that
> change the WoT game. People carry smart phones with near field
> communication, barcode, cameras. So signing can be made a lot simpler.

I would be interested to see a tag on keysignatures.  That would let me
play with automatic signatures and such without polluting the WoT.  I
don't directly see how to do this---is this what "Key Endorsements" are
for in
<http://tools.ietf.org/html/draft-hallambaker-prismproof-trust-01>?

Thanks,
Brian

-- 
Brian Sniffen
"I reserve the right to evolve my views, and state that views I previously
 expressed may have been somewhere along the spectrum from insufficiently
 nuanced through ill-informed to dead wrong."

v2.23.0 | Report a Bug | By Email