[TLS] Re: Review of draft-ietf-tls-openpgp-keys-08
Simon Josefsson <jas@extundo.com> Wed, 17 May 2006 16:58 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FgPLh-0001Tq-Qb; Wed, 17 May 2006 12:58:13 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FgPLg-0001Tl-Bx for tls@lists.ietf.org; Wed, 17 May 2006 12:58:12 -0400
Received: from 178.230.13.217.in-addr.dgcsystems.net ([217.13.230.178] helo=yxa.extundo.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FgPLf-0002n7-UK for tls@lists.ietf.org; Wed, 17 May 2006 12:58:12 -0400
Received: from localhost.localdomain (yxa.extundo.com [217.13.230.178]) (authenticated bits=0) by yxa.extundo.com (8.13.4/8.13.4/Debian-3sarge1) with ESMTP id k4HGw2ES018980 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 17 May 2006 18:58:05 +0200
From: Simon Josefsson <jas@extundo.com>
To: Eric Rescorla <ekr@networkresonance.com>
References: <20060517163805.9811E22245C@laser.networkresonance.com>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Hashcash: 1:22:060517:ekr@networkresonance.com::Vb49l82LkM9CDv+m:/pD
X-Hashcash: 1:22:060517:tls@lists.ietf.org::1rOnENs4OMHq4uQd:68fB
Date: Wed, 17 May 2006 18:58:02 +0200
In-Reply-To: <20060517163805.9811E22245C@laser.networkresonance.com> (Eric Rescorla's message of "Wed, 17 May 2006 09:31:41 -0700")
Message-ID: <87u07oio6d.fsf@latte.josefsson.org>
User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Spam-Status: No, score=-2.4 required=5.0 tests=AWL,BAYES_00, FORGED_RCVD_HELO autolearn=ham version=3.1.0
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on yxa-iv
X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on yxa.extundo.com
X-Virus-Status: Clean
X-Spam-Score: 0.1 (/)
X-Scan-Signature: 39bd8f8cbb76cae18b7e23f7cf6b2b9f
Cc: tls@lists.ietf.org
Subject: [TLS] Re: Review of draft-ietf-tls-openpgp-keys-08
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org
Eric Rescorla <ekr@networkresonance.com> writes: > Simon Josefsson <jas@extundo.com> wrote: >> Eric Rescorla <ekr@networkresonance.com> writes: >> > It's not undocumented. It's "add these certs to your bucket of certs" >> > and use them in whatever resolution mechanism you have. >> >> How are clients and servers, respectively, supposed to figure out >> which keys to include? >> >> Presumably, they should not send their entire key ring, right? Some >> properties of the resolution algorithms appear to be needed to pick >> the "appropriate" keys, and limit the set of keys to send. >> >> Compare RFC 4346, which says on X.509 certs: >> >> certificate_list >> This is a sequence (chain) of X.509v3 certificates. The sender's >> certificate must come first in the list. Each following >> certificate must directly certify the one preceding it. Because >> certificate validation requires that root keys be distributed >> independently, the self-signed certificate that specifies the root >> certificate authority may optionally be omitted from the chain, >> under the assumption that the remote end must already possess it >> in order to validate it in any case. >> >> What I'm looking for are similar guidelines to decide which OpenPGP >> keys to include, but I'm skeptical about the existence of useful such >> guidelines. > > Rather than arguing about whether such rules are possible (though > I think they are in practice), why don't we see if Pasi wants to > try to write something? Yup, agreed. /Simon _______________________________________________ TLS mailing list TLS@lists.ietf.org https://www1.ietf.org/mailman/listinfo/tls
- [TLS] Review of draft-ietf-tls-openpgp-keys-08 Pasi.Eronen
- Re: [TLS] Review of draft-ietf-tls-openpgp-keys-08 Nikos Mavrogiannopoulos
- RE: [TLS] Review of draft-ietf-tls-openpgp-keys-08 Pasi.Eronen
- Re: [TLS] Review of draft-ietf-tls-openpgp-keys-08 Nikos Mavrogiannopoulos
- RE: [TLS] Review of draft-ietf-tls-openpgp-keys-08 Pasi.Eronen
- Re: [TLS] Review of draft-ietf-tls-openpgp-keys-08 Nikos Mavrogiannopoulos
- RE: [TLS] Review of draft-ietf-tls-openpgp-keys-08 Pasi.Eronen
- [TLS] Re: Review of draft-ietf-tls-openpgp-keys-08 Simon Josefsson
- Re: [TLS] Re: Review of draft-ietf-tls-openpgp-ke… Eric Rescorla
- Re: [TLS] Re: Review of draft-ietf-tls-openpgp-ke… Nikos Mavrogiannopoulos
- Re: [TLS] Review of draft-ietf-tls-openpgp-keys-08 Nikos Mavrogiannopoulos
- Re: [TLS] Re: Review of draft-ietf-tls-openpgp-ke… Steven M. Bellovin
- Re: [TLS] Re: Review of draft-ietf-tls-openpgp-ke… Eric Rescorla
- [TLS] Re: Review of draft-ietf-tls-openpgp-keys-08 Simon Josefsson
- [TLS] Re: Review of draft-ietf-tls-openpgp-keys-08 Eric Rescorla
- [TLS] Re: Review of draft-ietf-tls-openpgp-keys-08 Simon Josefsson
- [TLS] Re: Review of draft-ietf-tls-openpgp-keys-08 Eric Rescorla
- [TLS] Re: Review of draft-ietf-tls-openpgp-keys-08 Simon Josefsson
- RE: [TLS] Re: Review of draft-ietf-tls-openpgp-ke… Pasi.Eronen
- RE: [TLS] Review of draft-ietf-tls-openpgp-keys-08 Pasi.Eronen
- Re: [TLS] Review of draft-ietf-tls-openpgp-keys-08 Nikos Mavrogiannopoulos