RE: [TLS] Review of draft-ietf-tls-openpgp-keys-08

<Pasi.Eronen@nokia.com> Tue, 16 May 2006 09:47 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Ffw9M-000768-C5; Tue, 16 May 2006 05:47:32 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Ffw9K-000763-Ui for tls@ietf.org; Tue, 16 May 2006 05:47:30 -0400
Received: from mgw-ext12.nokia.com ([131.228.20.171]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Ffw9J-0003gp-FR for tls@ietf.org; Tue, 16 May 2006 05:47:30 -0400
Received: from esebh107.NOE.Nokia.com (esebh107.ntc.nokia.com [172.21.143.143]) by mgw-ext12.nokia.com (Switch-3.1.8/Switch-3.1.7) with ESMTP id k4G9lMkA030778; Tue, 16 May 2006 12:47:22 +0300
Received: from esebh102.NOE.Nokia.com ([172.21.138.183]) by esebh107.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 16 May 2006 12:47:19 +0300
Received: from esebe105.NOE.Nokia.com ([172.21.143.53]) by esebh102.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 16 May 2006 12:47:18 +0300
x-mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [TLS] Review of draft-ietf-tls-openpgp-keys-08
Date: Tue, 16 May 2006 12:47:19 +0300
Message-ID: <B356D8F434D20B40A8CEDAEC305A1F2402A7978F@esebe105.NOE.Nokia.com>
In-Reply-To: <c331d99a0605160235u6d11b90s8dece182bda70aa7@mail.gmail.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [TLS] Review of draft-ietf-tls-openpgp-keys-08
Thread-Index: AcZ4zDDR0BnIOpTbQEq3spOET+5XUgAAI11w
From: <Pasi.Eronen@nokia.com>
To: <nmav@gnutls.org>
X-OriginalArrivalTime: 16 May 2006 09:47:18.0763 (UTC) FILETIME=[B89E03B0:01C678CD]
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 2409bba43e9c8d580670fda8b695204a
Cc: tls@ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

Nikos Mavrogiannopoulos wrote:
> > If Alice signs (certifies) Bob's key, and Bob signs Carol's key,
> > isn't that a certificate chain? (The whole notion of "web of trust"
> > seems to imply a certificate graph, which again implies chains...)
> 
> Indeed that's true.But it is also not very practical to include
> signers in the key sent. That is because a key might be signed by
> tens or hundrends of keys, that are not compact either. I also see
> not much usage of the extra keys. The typical way for the receipient
> to verify an openpgp key is by retrieving by himself the required
> chain, if needed.

All this ("typical way" etc, "might be signed by tens", ..) seems to
indicate that usually a single certificate is enough, but there may
be situations where several would be useful. In other words, the 
situation is not that different from X.509, and we should keep the 
Certificate payload as a list...

> A similar matter was discussed in the early days of the draft... 
> i just found a link:
> http://www.mhonarc.org/archive/html/ietf-openpgp/1997-12/msg00105.html

Thanks for the pointer; it looks like Eric raised exactly this issue
already over 8 years ago!

Best regards,
Pasi

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls