I think Paul nails it, at least for the more aware folks around. Using the WoT to gauge anything other than confidence in choice of friends/associates is asking for trouble. See Also: Robin Sage : en.wikipedia.org/wiki/Robin_Sage manning bmanning@xxxxxxxxxxx PO Box 6151 Playa del Rey, CA 90296 310.322.8102 On 21September2015Monday, at 12:14, Paul Wouters <paul@xxxxxxxxx> wrote: > On Mon, 21 Sep 2015, John Levine wrote: > >>> OPENPGP is a data format, WoT is one way to employ that format to >>> exchange messages. It is not a *required* way to use OPENPGP. >> >> Sure, but it's the way that everyone has used PGP for 20 years, >> and it's the security model that everyone I know expects when they >> use PGP keys. > > Actually, nmost people I know never use the WoT. They only use keys > obtained directly from the person they want to exchange encrypted email > with. > >> This draft uses a model in which the key is bound to a mailbox > > openpgp keys are bound to ID's, which can ultimately end up in a > mailbox but is not required to do so. > > For instance, the gpg key used to sign fedora21 packages with an openpgp > key ID containing "fedora21@xxxxxxxxxxxxxxxxx" might not have any mailbox > associated with it. It is merely shared in the DNS under an email address, > without a mailbox or valid local-part. > >> any stronger identity, and you have to trust that the domain's >> management fairly represents its users > > Correct, the domain's management that controls either DNS or SMTP servers, > can steal a users email. > >> That's not a ridiculous model, but if >> that's the model, the draft and draft-ietf-dane-openpgpkey-usage need >> to say so. At this point, neither does. > >> From the Introduction: > > This document specifies a method for publishing and > locating OpenPGP public keys in DNS for a specific email address > using a new OPENPGPKEY DNS Resource Record. Security is provided via > DNSSEC. > > So your point is made already pretty clear in the introduction > already. Security comes from DNSSEC, so whoever controls the domain, > controls the publishing of openpgp keys. > > Section 5.2 also contains some advise. Section 7.4 also mentions this, > but not under a section title that makes that very clear. > > Some clarifications will be made, especially in the security > considerations section, to clarify this, based on the IETF LC comments. > > Thank you, > > Paul >