Re: [VCARDDAV] Signed vCards

DataPacRat <datapacrat@gmail.com> Mon, 01 July 2013 18:16 UTC

On Mon, Jul 1, 2013 at 11:50 AM, Simon Perreault
<simon.perreault@viagenie.ca> wrote:
> On 2013-07-01 16:20, DataPacRat wrote:
>
>> While playing with vCard as a container for time-and-space data is a
>> fun exercise, my primary use case is identity authentication over
>> otherwise anonymized networks such as Tor. While some forums thereon
>> could be referred to using the proposed acct: URI, using the forum's
>> .onion address and the user's account name, not all are so easy to
>> work with. (E.g., "I'm the person who programmed the software which made
>> the edit at 2010-11-12T12:34:56 to wiki page XYZ on site ABC.onion
>> (whose server lay in the house that Jack built).")
>
> Anytime anyone suggests a new way to do something with crypto, the
> obligatory "why not use PGP?" needs to be answered.
>
> So... Why not use PGP? :)

The answer to that is... I /do/ want to use PGP. :)

More specifically, I want to be sure that the KEY field in any given
vCard can point to (or contain) a PGP key, to use for hash-signing;
and PGP would probably be the easiest crypto algorithm to implement in
general.

Most of the point of having a signed vCard is to make arrangements for
easy and automated use /of/ PGP, to authenticate a vCard's data; and
to allow a vCard to associate a PGP key with an identity that may not
have an email address, and without necessarily directly relying on any
particular external keyserver system. (Further use for signed vCards,
the way I'm proposing them, is that current PGP webs of trust have
insufficient resolution for my purposes - there's no practical way to
figure out that a key is only 90% likely to actually be associated
with its given identity.)


Put another way, I'm hoping to end up with a way to swap out
pgp.mit.edu as one's PGP keyserver, replacing it with an ad-hoc
peer-to-peer distributed network roughly based on webfist, after
having corrected webfist's reliance on email keys as authoritative ID
strings. (And the more useful and easy-to-use I can make signed vCards
in the process, the more likely they are to be adopted more widely,
increasing the usefulness of the whole authentication system.)


Thank you for your time,
- --
DataPacRat
"If we are fervently passionate about the idea that fire is hot, we
are more rational than the man who calmly and quietly says fire is
cold." -- Tom McCabe
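
Whether a vCard's KEY property contains a PGP key or only points to one decides if a verifier can check the card without fetching anything external. The following is an added example, not part of the original message and not a signing scheme from this thread: it reads KEY properties using the vCard 4.0 syntax of RFC 6350, and the sample card, URL and key bytes are constructed.

```python
import base64
import re

# Constructed sample vCard 4.0 (RFC 6350); name, URL and key bytes are made up.
SAMPLE_VCARD = (
    "BEGIN:VCARD\r\n"
    "VERSION:4.0\r\n"
    "FN:Example Person\r\n"
    "KEY;MEDIATYPE=application/pgp-keys:https://keys.example/exam\r\n"
    " ple.asc\r\n"
    "KEY:data:application/pgp-keys;base64,bm90IGEgcmVhbCBrZXk=\r\n"
    "KEY:data:application/pgp-keys;base64,@@not-base64@@\r\n"
    "END:VCARD\r\n"
)

LINE = re.compile(r'^((?:[^":]|"[^"]*")*):(.*)$')   # split at first unquoted colon
PARAM = re.compile(r';([A-Za-z0-9-]+)=("[^"]*"|[^;]*)')
DATA_URI = re.compile(r'^data:([^;,]*)((?:;[^;,]*)*),(.*)$', re.I)

def unfold(text):
    """Undo vCard line folding: a line break followed by one space or tab."""
    return re.sub(r"\r?\n[ \t]", "", text).splitlines()

def key_properties(vcard_text):
    """Return one dict per KEY property: inline, reference or invalid."""
    found = []
    for line in unfold(vcard_text):
        m = LINE.match(line)
        # Drop an optional "group." prefix and parameters to get the property name.
        if not m or m.group(1).split(";", 1)[0].rsplit(".", 1)[-1].upper() != "KEY":
            continue
        head, value = m.groups()
        params = {k.upper(): v.strip('"') for k, v in PARAM.findall(head)}
        data = DATA_URI.match(value)
        if data:
            mediatype, flags, payload = data.groups()
            try:
                if ";base64" not in flags.lower():
                    raise ValueError("inline key is not base64")
                size = len(base64.b64decode(payload, validate=True))
                entry = {"location": "inline", "bytes": size}
            except ValueError as exc:   # binascii.Error is a ValueError
                entry = {"location": "invalid", "error": str(exc)}
        else:
            mediatype = params.get("MEDIATYPE", "")
            entry = {"location": "reference", "uri": value}
        entry["pgp"] = mediatype.lower() == "application/pgp-keys"
        found.append(entry)
    return found
```

A card whose only KEY entries are of the "reference" kind still depends on whatever host serves that URI.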