Nonsense. No security model is perfect. Claiming social media connections and gpg signatures are the same thing is a logical fallacy. Personally, I've known people for years online, but would never sign someone's key without meeting them in person. Complete apples and oranges comparison. Myself, I always have gotten keys from a keyserver, never directly from the party using the key.

Scott K

On September 21, 2015 7:24:10 PM EDT, manning <bmanning@xxxxxxxxxxx> wrote:
>I think Paul nails it, at least for the more aware folks around. Using
>the WoT to gauge anything other than confidence in choice of
>friends/associates is asking for trouble.
>See Also: Robin Sage : en.wikipedia.org/wiki/Robin_Sage
>
>manning
>bmanning@xxxxxxxxxxx
>PO Box 6151
>Playa del Rey, CA 90296
>310.322.8102
>
>On 21September2015Monday, at 12:14, Paul Wouters <paul@xxxxxxxxx> wrote:
>
>> On Mon, 21 Sep 2015, John Levine wrote:
>>
>>>> OPENPGP is a data format, WoT is one way to employ that format to
>>>> exchange messages. It is not a *required* way to use OPENPGP.
>>>
>>> Sure, but it's the way that everyone has used PGP for 20 years,
>>> and it's the security model that everyone I know expects when they
>>> use PGP keys.
>>
>> Actually, most people I know never use the WoT. They only use keys
>> obtained directly from the person they want to exchange encrypted email
>> with.
>>
>>> This draft uses a model in which the key is bound to a mailbox
>>
>> openpgp keys are bound to IDs, which can ultimately end up in a
>> mailbox but is not required to do so.
>>
>> For instance, the gpg key used to sign fedora21 packages with an openpgp
>> key ID containing "fedora21@xxxxxxxxxxxxxxxxx" might not have any mailbox
>> associated with it. It is merely shared in the DNS under an email address,
>> without a mailbox or valid local-part.
>>
>>> any stronger identity, and you have to trust that the domain's
>>> management fairly represents its users
>>
>> Correct, the domain's management that controls either DNS or SMTP servers,
>> can steal a user's email.
>>
>>> That's not a ridiculous model, but if
>>> that's the model, the draft and draft-ietf-dane-openpgpkey-usage need
>>> to say so. At this point, neither does.
>>
>>> From the Introduction:
>>
>>    This document specifies a method for publishing and
>>    locating OpenPGP public keys in DNS for a specific email address
>>    using a new OPENPGPKEY DNS Resource Record. Security is provided via
>>    DNSSEC.
>>
>> So your point is made already pretty clear in the introduction
>> already. Security comes from DNSSEC, so whoever controls the domain,
>> controls the publishing of openpgp keys.
>>
>> Section 5.2 also contains some advice. Section 7.4 also mentions this,
>> but not under a section title that makes that very clear.
>>
>> Some clarifications will be made, especially in the security
>> considerations section, to clarify this, based on the IETF LC comments.
>>
>> Thank you,
>>
>> Paul
>>