Re: [TLS] Review of draft-ietf-tls-openpgp-keys-08

[Nikos Mavrogiannopoulos <nmav@gnutls.org>]

On Tue 16 May 2006 13:59, Pasi.Eronen@nokia.com wrote:

> Thus, I would not hard-code this limitation in the specification,
> especially when it's very easy to avoid (just allow a list just
> as in normal TLS), and there's just 3 bytes of overhead for
> implementations that send only one PGP key... (and in fact
> even this overhead could be avoided if we remove the redundant
> length field by stating that the "key descriptor type" is the
> first byte of the key data)

It is not about the byte overhead. It is about defining what a key chain
is how is it going to be used, what is an implementor going to put there 
etc. Otherwise it would be a pandoras box, waiting to be opened. 

Given the feedback I've got all the years this draft exists, it seems 
that nobody so far had a need for it. If in the future this proves to 
be a limitation, it is easy to add an extra key descriptor type with a 
key list, that follows some rules, or none. 

> > That approach follows the way openpgp keys are used in electronic
> > mail and I see no good reason to change it by introducing an
> > openpgp key chain in this draft.
> It does not follow the email way of using PGP: most email messages
> don't contain the public key at all (only the signature), and when

+ the fingerprint of the signer, because that's what is needed for 
authentication. The receipient is responsible for retrieving the
keys based on the fingerprint. 


regards,
Nikos

ps. I hope I didn't get rude or personal in this or previous mails, but 
my point is that since we have no use of this functionality today, I 
see no point in adding it. If needed it might be better to be added 
from people who would use it because they will define it the way the 
really need it.


_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls