[openpgp] Re: Splitting replacement keys subpacket into related keys and trust equivalence?

iang <iang@iang.org> Thu, 12 September 2024 16:29 UTC

Message-ID: <61970399-2a17-47cc-acfd-ef3fc247498e@iang.org>
Date: Thu, 12 Sep 2024 18:29:02 +0200
To: Justus Winter <justus@sequoia-pgp.org>, Daniel Huigens <d.huigens@protonmail.com>, "draft-ietf-openpgp-replacementkey@ietf.org" <draft-ietf-openpgp-replacementkey@ietf.org>, IETF OpenPGP WG <openpgp@ietf.org>
References: <AwjEWTG0D_H985qVgdVDJNfG3jJROp0T9HD06zQWGzXnby5tXCoVrZH18W8T67Mh7CCAPLFJ33Np0Ro0yAWGRH827Kl7_lhqSZMr6JckCrU=@protonmail.com> <87r09o7wmt.fsf@europ.lan>
From: iang <iang@iang.org>
In-Reply-To: <87r09o7wmt.fsf@europ.lan>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/xV-xms_DDbv43Bll1STOeyTtx_o>

On 12/09/2024 16:51, Justus Winter wrote:
> Further, I have a rule of thumb when discussing OpenPGP: any person
> saying the word "trust" is likely confused and most certainly wrong.


Hear hear! Indeed I'd expand it to the entire IT world. It's so 
vexatious that I even wrote a book about it: 
https://iang.org/identity_cycle/ which you shouldn't trust at all!

Shilling aside, it turns out that our collective technical use of the 
word trust is probably based on the fantasy that we can provide a 
technocratic solution for one of the deepest human emotions.


> I realize that I'm being pedantic here, but people get this wrong all
> the time, and if we don't get it right (because we're using sloppy
> language), how can we expect our downstream developers or users to get
> it right?


I find it welcome - it's why the so-called Web of Trust failed - it 
failed to have any understanding of the meaning of trust. I'm not 
blaming anyone for that - I also swallowed the kool-aid in the 90s. In 
the late 00's I took a deep dive into CAs which do have an understanding 
of the meaning of trust, that just happens to be even wronger than PGP's 
absence of understanding...

That was followed by time outside the West during which I was able to 
develop an alternate theory that actually hangs together, and is to some 
large extent locked out of the Western consciousness. If anyone wants a 
quick starter on this, there's a fabulous article:

https://aeon.co/ideas/descartes-was-wrong-a-person-is-a-person-through-other-persons

iang