
[openpgp] Trust models...



On Wed, Apr 1, 2015 at 4:27 PM, Daniel Kahn Gillmor
<dkg@xxxxxxxxxxxxxxxxx> wrote:
> On Wed 2015-04-01 14:57:49 -0400, Stephen Farrell wrote:

> I think i favor this approach, ideally *without* adding trust model work
> into the mix.
>
> Trying to explicitly declare a standardized trust model would be a
> mistake for the WG.  it's a huge rat hole, and a "one trust model fits
> all" approach is probably illegitimate at some deeper level, since
> different people have different adversaries.

My conclusion exactly. I wrote this up in a draft.

Some problems you want to do TOFU, some you want to have Web of Trust,
others you want hierarchies. Web of Trust would not work well for the
DoD etc. etc.


> If there's any work to be done with trust models, it would be to write a
> document that tries to describe one or more of the more common
> approaches to trust models (e.g. the GnuPG default arrangement, or
> whatever sort of TOFU mechanism that PHB thinks is what everyone
> "actually uses").

http://tools.ietf.org/html/draft-hallambaker-prismproof-trust-01

My point is that we have two separable issues.

1) What key and security policy should Alice use to contact Bob?
2) How does Alice decide she can trust the answer to 1?

OpenPGP, PKIX, SPKI, etc, etc, disagree on answers to 2. Trans makes a
difference, etc. etc. That is the research problem.

We can't and shouldn't standardize the way that we arrive at the
answer but we can agree on the delivery method.


> a) update the fingerprint format (avoid inclusion of creation date, use
>    stronger digest algorithm; i'm dubious about embedding algorithm
>    agility in the fingerprint itself, but explicit version info in the
>    fingerprint might be reasonable so we don't have to keep guessing by
>    fpr structure for future versions)

I certainly don't see a need for 'agility'. But I think we need a
version number so we can change the algorithm infrequently.

If we can define the fingerprint format in a manner that is friendly
to PKIX and OpenPGP then it will make convergence a lot easier.
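
Added illustration (not part of the original message, and not code from the thread's participants or the linked draft): the RFC 4880 version 4 fingerprint hashes the creation timestamp together with the key material, so identical key material yields different fingerprints, which is the property item (a) proposes to drop. The `versioned_fingerprint` layout, its version byte 0x01, the choice of SHA-256 and the toy key values are assumptions made here for comparison only.

```python
import hashlib
import struct

def mpi(n: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then big-endian bytes."""
    bits = n.bit_length()
    return struct.pack(">H", bits) + n.to_bytes((bits + 7) // 8, "big")

def v4_public_key_body(created: int, n: int, e: int) -> bytes:
    """RFC 4880 section 5.5.2 version 4 public-key body for an RSA key (algorithm 1)."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(created: int, n: int, e: int) -> str:
    """RFC 4880 section 12.2: SHA-1 over 0x99, 2-byte body length, then the body."""
    body = v4_public_key_body(created, n, e)
    framed = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(framed).hexdigest().upper()

# Assumption: a made-up version tag meaning "SHA-256 over algorithm + key material".
HYPOTHETICAL_VERSION = 0x01

def versioned_fingerprint(n: int, e: int) -> str:
    """Hypothetical format: explicit version byte, then SHA-256 of key material only."""
    material = bytes([1]) + mpi(n) + mpi(e)  # creation timestamp deliberately excluded
    digest = hashlib.sha256(material).digest()
    return (bytes([HYPOTHETICAL_VERSION]) + digest).hex().upper()

def fingerprint_version(fpr_hex: str) -> int:
    """Read the version from the value itself instead of guessing from its length."""
    return bytes.fromhex(fpr_hex)[0]

# Constructed sample input: a toy 2048-bit modulus, not a usable RSA key.
N = (1 << 2047) + 12345
E = 65537
T1, T2 = 1427900000, 1427900001  # two creation times one second apart

if __name__ == "__main__":
    print("v4 @T1:   ", v4_fingerprint(T1, N, E))
    print("v4 @T2:   ", v4_fingerprint(T2, N, E))  # differs, same key material
    print("versioned:", versioned_fingerprint(N, E))
```
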
