Re: [openpgp] Overhauling User IDs / Standardizing User Attributes (was: Re: Scoped trust (signatures))

Wiktor Kwapisiewicz <wiktor@metacode.biz> Fri, 29 June 2018 07:46 UTC

To: openpgp@ietf.org
References: <39e598e1-2bc0-32c9-3489-4bb6ca2a631b@leo.gaspard.ninja> <871sdw24yd.wl-neal@walfield.org> <c2e6bbe7-0694-8193-bb76-dd50fde7d967@leo.gaspard.ninja> <d28d8f8b-b261-eb29-97bc-9c7159a62ce6@leo.gaspard.ninja> <118e5b9d-de9e-aa14-d8b4-19ef259f3d0a@ruhr-uni-bochum.de> <e63924fe-95b2-dcf8-5726-b0497945ac74@leo.gaspard.ninja> <f31349e2-e509-4e06-6db5-2ff0ffb213a5@ruhr-uni-bochum.de> <3996841a-b6ae-8769-2de8-b35351c54719@leo.gaspard.ninja> <8E4410C7-9370-492C-838F-857983CA67FC@icloud.com> <8a608b9f-f96b-466d-a0b8-7d1aa39ab011@leo.gaspard.ninja> <D3567617-4B9B-4BFE-AC39-11B0BEBB0B6B@icloud.com>
From: Wiktor Kwapisiewicz <wiktor@metacode.biz>
Openpgp: id=653909A2F0E37C106F5FAF546C8857E0D8E8F074; url=https://metacode.biz/@wiktor/openpgp/key
Organization: Metacode
Message-ID: <1cacc056-1ec7-f388-ee08-46468bd87bda@metacode.biz>
Date: Fri, 29 Jun 2018 09:45:55 +0200
MIME-Version: 1.0
In-Reply-To: <D3567617-4B9B-4BFE-AC39-11B0BEBB0B6B@icloud.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/v2fhMOCJBL9t51D49mosV70vsi0>

Hi Jon,

This is slightly off-topic but...

> Heck, while you’re at it, talk to the Keybase people because they explicitly now have Twitter, Facebook, Github and DNS identities, along with Reddit, Hacker News, Bitcoin addresses, Zcash addresses, and more I’m likely missing.

From what I've seen, Keybase is not interested in a purely OpenPGP
solution - they want to keep the data on their site [0].

And there already is an I-D for "keybase but distributed" using OpenPGP -
Linked Identities by Vincent [1]. Moreover, this draft is already
implemented in OpenKeychain and has verifications for Twitter, GitHub,
etc. and works really well. I think the concept is proven to be working.
(The only issue that I have with it is that it's using experimental
UAT IDs, but because Linked IDs is just a draft it cannot get proper
assignment).

I've been experimenting with a slightly different implementation of
Vincent's concept (using User IDs and notations instead of Attributes,
and a defined verification language) [2].

Also, a quote from Werner over the use of user attributes from 2017 [3]:

> (...) Anyway, I think that the User
> Attributes should not be extended over their use for an image.  URIs can
> simply be represented by plain User IDs and software can easily detect
> such URIs if desired.
> 
> The need to implement UAT only adds more complexity for a questionable
> purpose.  Note that these image UAT were introduced due to marketing
> needs of PGP or NAT and (iirc) only specified after they had been
> introduced in their software.

I didn't agree with him back then, but after longer thought I changed my 
opinion - user attributes do not have any fallback mechanism - either 
most software supports that custom special attribute or it's practically 
impossible to work with them (yes, they are supported, but displayed as 
an opaque string [4]). And I say this as a person that added this packet
"by hand" and uses it on my key.

(As a side note, photos could be expressed as links to images with a
hash; that would reduce the key size significantly).

On the other hand I like the "hand wavy" approach to User IDs, I think 
it's underutilized :-)

Kind regards,
Wiktor

[0]: https://news.ycombinator.com/item?id=15352217

[1]: https://tools.ietf.org/html/draft-vb-openpgp-linked-ids-01

[2]: https://github.com/wiktor-k/distributed-ids

[3]: https://www.ietf.org/mail-archive/web/openpgp/current/msg08914.html

[4]: https://keyserver.ubuntu.com/pks/lookup?fingerprint=on&search=0x653909A2F0E37C106F5FAF546C8857E0D8E8F074

-- 
*/metacode/*
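
The fallback argument in this message can be seen at the packet level. The following is an added example (not part of the original message or of any project it mentions) that parses constructed RFC 4880 new-format packets and shows what a client without support for a custom identity type can display: a URI in a User ID packet is readable text, while the same URI in an experimental User Attribute subpacket is opaque. The sample packets, the `example.org` names, the URI heuristic and all helper names are assumptions made for illustration.

```python
import re

TAG_USER_ID, TAG_USER_ATTRIBUTE, SUB_IMAGE = 13, 17, 1   # RFC 4880 values
URI_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*:\S+$")    # heuristic, not RFC 3986

def read_len(buf, i, two_max=223):
    """Decode a 1-, 2- or 5-octet length at buf[i]; return (length, next index)."""
    first = buf[i]
    if first < 192:
        return first, i + 1
    if first <= two_max:
        return ((first - 192) << 8) + buf[i + 1] + 192, i + 2
    if first == 255:
        return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5
    raise ValueError("partial body lengths are not handled here")

def packets(buf):
    """Yield (tag, body) for each new-format packet in buf."""
    i = 0
    while i < len(buf):
        if buf[i] & 0xC0 != 0xC0:
            raise ValueError("only new-format packet headers are handled")
        tag = buf[i] & 0x3F
        n, i = read_len(buf, i + 1)
        if i + n > len(buf):
            raise ValueError("truncated packet")
        yield tag, buf[i:i + n]
        i += n

def render(tag, body):
    """What a client with no support for a custom identity type can show."""
    if tag == TAG_USER_ID:                       # User IDs are UTF-8 text
        text = body.decode("utf-8", errors="replace")
        return [("uri" if URI_RE.match(text) else "text", text)]
    out, i = [], 0
    while tag == TAG_USER_ATTRIBUTE and i < len(body):
        n, i = read_len(body, i, two_max=254)    # length includes the type octet
        if n < 1 or i + n > len(body):
            raise ValueError("malformed attribute subpacket")
        kind = "image" if body[i] == SUB_IMAGE else "opaque"
        out.append((kind, f"type {body[i]}, {n - 1} bytes"))
        i += n
    return out

def pkt(tag, body):                               # constructed sample packets,
    return bytes([0xC0 | tag, len(body)]) + body  # bodies under 192 octets only

URI = b"https://example.org/@alice"               # constructed sample identity
SAMPLE = (pkt(13, b"Alice Example <alice@example.org>") + pkt(13, URI)
          # 100 lies in RFC 4880's private/experimental subpacket range (100-110)
          + pkt(17, bytes([len(URI) + 1, 100]) + URI))

def demo():
    return [r for tag, body in packets(SAMPLE) for r in render(tag, body)]
```
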