IETF Logo Mail Archive

Re: [TLS] Re: Review of draft-ietf-tls-openpgp-keys-08

"Steven M. Bellovin" <smb@cs.columbia.edu> Tue, 16 May 2006 20:57 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Fg6bt-0003JX-GM; Tue, 16 May 2006 16:57:41 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Fg6bs-0003JS-7P for tls@lists.ietf.org; Tue, 16 May 2006 16:57:40 -0400
Received: from machshav.com ([147.28.0.16]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Fg6bq-0006rD-SI for tls@lists.ietf.org; Tue, 16 May 2006 16:57:40 -0400
Received: from berkshire.machshav.com (localhost [127.0.0.1]) by machshav.com (Postfix) with ESMTP id F0D0CFB29B; Tue, 16 May 2006 16:57:37 -0400 (EDT)
Received: by berkshire.machshav.com (Postfix, from userid 54047) id C57023C0469; Tue, 16 May 2006 16:57:36 -0400 (EDT)
Date: Tue, 16 May 2006 16:57:36 -0400
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Subject: Re: [TLS] Re: Review of draft-ietf-tls-openpgp-keys-08
Message-Id: <20060516165736.ddc57b83.smb@cs.columbia.edu>
In-Reply-To: <200605161907.51448.nmav@gnutls.org>
References: <B356D8F434D20B40A8CEDAEC305A1F2402A7978F@esebe105.NOE.Nokia.com> <87slna3wkc.fsf@latte.josefsson.org> <86mzdiowgo.fsf@raman.networkresonance.com> <200605161907.51448.nmav@gnutls.org>
Organization: Columbia University
X-Mailer: Sylpheed version 2.2.4 (GTK+ 2.8.17; i386--netbsdelf)
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 9182cfff02fae4f1b6e9349e01d62f32
Cc: tls@lists.ietf.org
X-BeenThere: tls@lists.ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.lists.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/tls>
List-Post: <mailto:tls@lists.ietf.org>
List-Help: <mailto:tls-request@lists.ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@lists.ietf.org?subject=subscribe>
Errors-To: tls-bounces@lists.ietf.org

On Tue, 16 May 2006 19:07:51 +0200, Nikos Mavrogiannopoulos
<nmav@gnutls.org> wrote:

> On Tue 16 May 2006 16:50, Eric Rescorla wrote:
> 
> > > I'd disagree that it is that simple to fix that: If the draft
> > > permit more than one key, I believe it has to describe how
> > > implementations are supposed to use more than one key to build the
> > > chain, or at least mandate some specific behaviour.
> > I don't agree with this. PGP at least theoretically knows how
> > to build cert chains from a "bucket of keys".
> 
> Maybe but I still find no point in sending a bucket of keys just like 
> that. If it is to be sent it has to be clearly defined what it is 
> expected in this bucket and so on. I'm quite reluctant to do it because 
> I don't need nor find a use for this functionality. It can be easily 
> added by anyone that need it[0], and I would be willing to include the 
> required changes in this or a future update, if somebody needs it and 
> defines the semantics of a key list.
> 
The problem is that you don't know the recipient's trust anchors or trust
metrics.  Without that, you have to send the whole graph (or at least as
much of it as you have), to maximize the chances of the key being accepted.

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb

_______________________________________________
TLS mailing list
TLS@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/tls

v2.23.0 | Report a Bug | By Email