Re: [TLS] Review of draft-ietf-tls-openpgp-keys-08

"Nikos Mavrogiannopoulos" <nmav@gnutls.org> Tue, 16 May 2006 10:17 UTC

Message-ID: <c331d99a0605160317y39bea813p5b7d441b0a9f195f@mail.gmail.com>
Date: Tue, 16 May 2006 12:17:51 +0200
From: "Nikos Mavrogiannopoulos" <nmav@gnutls.org>
To: "Pasi.Eronen@nokia.com" <Pasi.Eronen@nokia.com>
Subject: Re: [TLS] Review of draft-ietf-tls-openpgp-keys-08
In-Reply-To: <B356D8F434D20B40A8CEDAEC305A1F2402A7978F@esebe105.NOE.Nokia.com>
References: <c331d99a0605160235u6d11b90s8dece182bda70aa7@mail.gmail.com> <B356D8F434D20B40A8CEDAEC305A1F2402A7978F@esebe105.NOE.Nokia.com>
Cc: tls@ietf.org

On 5/16/06, Pasi.Eronen@nokia.com <Pasi.Eronen@nokia.com> wrote:

> All this ("typical way" etc, "might be signed by tens", ..) seems to
> indicate that usually a single certificate is enough, but there may
> be situations where several would be useful. In other words, the
> situation is not that different from X.509, and we should keep the
> Certificate payload as a list...

Indeed there are situations where a list might do, but there are also
situations where a graph would be better, or just a single one might do.
The idea in this draft is to keep the key exchange separate from any local
verification policy. If one wants to use the web of trust, he can use it.
If somebody else wants to use openpgp keys the same way as PKIX
certificates, he can also use the current draft. In all cases unknown keys
are retrieved via a key server or by other means.

That approach follows the way openpgp keys are used in electronic mail
and I see no good reason to change it by introducing an openpgp key
chain in this draft.

regards,
Nikos

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls
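The separation Nikos argues for above (the handshake delivers exactly one OpenPGP key, or a fingerprint for it, and the application's own policy decides whether to trust it, fetching unknown keys from a key server as needed) can be modelled in a few dozen lines. The following is an added illustration written for this page; it is not code from the draft, from GnuTLS, or from any list participant. OpenPGP signature verification is abstracted away: each key carries the set of fingerprints whose certification on it is assumed to have already been checked, the payload is a plain tuple rather than the draft's wire encoding, and the keyring and key-server contents are constructed for the example. Both a PKIX-style "designated issuer" policy and a web-of-trust walk consume the same single-key payload, which is the point of the message.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set


@dataclass
class PGPKey:
    fingerprint: str
    uid: str
    # Fingerprints of keys whose certification signature on this key is
    # taken as already verified.  Real OpenPGP signature checking is out of
    # scope for this example; this relation stands in for it (assumption).
    certified_by: Set[str] = field(default_factory=set)


class Keyring:
    """Local key store backed by a key-server lookup for unknown keys."""

    def __init__(self, local: Dict[str, PGPKey],
                 keyserver: Callable[[str], Optional[PGPKey]]):
        self.keys = dict(local)        # fingerprint -> PGPKey held locally
        self.keyserver = keyserver     # fingerprint -> PGPKey or None
        self.fetched = []              # audit trail of key-server lookups

    def get(self, fpr: str) -> Optional[PGPKey]:
        key = self.keys.get(fpr)
        if key is None:
            self.fetched.append(fpr)
            key = self.keyserver(fpr)
            if key is not None:
                self.keys[fpr] = key
        return key


def resolve_payload(payload, keyring: Keyring) -> Optional[PGPKey]:
    """Handshake side: the Certificate payload is one key or one fingerprint.
    The ("key", PGPKey) / ("fingerprint", str) tuple shape is this example's
    own modelling, not the draft's wire format."""
    kind, value = payload
    if kind == "key":
        keyring.keys.setdefault(value.fingerprint, value)
        return value
    if kind == "fingerprint":
        return keyring.get(value)
    raise ValueError(f"unknown payload type {kind!r}")


def pkix_style_policy(issuers):
    """Accept only keys directly certified by a configured issuer key,
    i.e. OpenPGP keys used the way PKIX certificates are."""
    issuers = set(issuers)

    def policy(key: PGPKey, keyring: Keyring) -> bool:
        return bool(key.certified_by & issuers)
    return policy


def web_of_trust_policy(trusted, max_depth: int = 3):
    """Accept a key if a certification path of at most max_depth signatures
    leads back to an ultimately trusted key; certifiers not held locally are
    retrieved from the key server while walking the graph."""
    trusted = set(trusted)

    def policy(key: PGPKey, keyring: Keyring) -> bool:
        seen = {key.fingerprint}
        queue = deque([(key, 0)])
        while queue:
            current, depth = queue.popleft()
            if depth >= max_depth:
                continue
            for signer in current.certified_by:
                if signer in trusted:
                    return True
                if signer in seen:
                    continue
                seen.add(signer)
                signer_key = keyring.get(signer)
                if signer_key is not None:
                    queue.append((signer_key, depth + 1))
        return False
    return policy


def verify_peer(payload, keyring: Keyring, policy) -> bool:
    """Glue: resolve the single key from the handshake, then apply local policy."""
    key = resolve_payload(payload, keyring)
    return key is not None and policy(key, keyring)


def sample_keyring() -> Keyring:
    # Constructed data for the example; fingerprints are placeholder labels.
    local = {
        "ULTIMATE": PGPKey("ULTIMATE", "me <me@example.org>"),
        "ALICE": PGPKey("ALICE", "alice", {"ULTIMATE"}),
        "CA": PGPKey("CA", "example.org signing key"),
    }
    remote = {
        "BOB": PGPKey("BOB", "bob", {"ALICE"}),
        "SRV": PGPKey("SRV", "www.example.org", {"BOB", "CA"}),
        "MALLORY": PGPKey("MALLORY", "www.example.org", {"EVE"}),
    }
    return Keyring(local, remote.get)


if __name__ == "__main__":
    kr = sample_keyring()
    print("pkix accepts SRV:", verify_peer(("fingerprint", "SRV"), kr, pkix_style_policy({"CA"})))
    print("wot  accepts SRV:", verify_peer(("fingerprint", "SRV"), kr, web_of_trust_policy({"ULTIMATE"})))
    print("keys fetched from server:", kr.fetched)
```

The server key SRV is certified by both the site's signing key CA and by BOB, so the PKIX-style policy accepts it in one step, while the web-of-trust policy accepts it via SRV, BOB, ALICE, ULTIMATE (three signatures) and has to pull BOB from the key server on the way; shorten `max_depth` to 2 and the same payload is rejected. Neither policy needed anything but the single key from the handshake.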