-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/22/2015 04:44 PM, Joe Abley wrote:
> Hi Paul,
>
> On 21 Sep 2015, at 15:14, Paul Wouters wrote:
>
>> On Mon, 21 Sep 2015, John Levine wrote:
>>
>>>> OPENPGP is a data format, WoT is one way to employ that format to
>>>> exchange messages. It is not a *required* way to use OPENPGP.
>>>
>>> Sure, but it's the way that everyone has used PGP for 20 years,
>>> and it's the security model that everyone I know expects when they
>>> use PGP keys.
>>
>> Actually, most people I know never use the WoT. They only use keys
>> obtained directly from the person they want to exchange encrypted email
>> with.
>
> I think most people who use any trust model use the WoT, because that's
> what the common implementations make easy.
>
> I think most people don't use any useful trust model, though. I see a lot
> of "send me your public key in plain text so I can talk privately about
> this thing", but no appreciation for the threat models in such a key
> exchange.

This is actually a very rational model. It reduces the attack surface to
one leap of faith - which has been very successful for SSH.

I keep a keystore on all my mailers, but haven't bothered to build any
trust networks recently. This will allow me to detect certain kinds of
attacks (damaged messages, multiple keys claiming to be for the same
person) without causing me to spend time managing my keystore. For me,
that's a reasonable tradeoff.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJWAjnRAAoJEGsBVt6Jonw0G24P/1ujlZCpD96jxSXIvUXiWzpe
2IZGc4omMOjAbF8SJrqDsA+T9Asp8X5Vm9LTvc6YIpErc9vbSamSSWabJfDGsjB6
L0sZbC6i923Hq2TG3+ViioJqPbtRbHE1wYVaY9w1u9XabrvQO12POiQIi7DiWf5K
eFhUxlug1SI3iovFjhf7BjTjqz6659pCna7i6QlGNbr1vwVVFNeCpRamDeNgs3Ud
KTPX0WFXO+Ox5B6hm1s7UYkrvV9ENMAFr8rrbzSKP29aGJhi21pDJSVxDV74fmAK
7vDhqCUxn3GxQsfhfGg53no4s0CR9gQYRoZ53UuHWRLd0/7qPoUgyXZGtL3ahoMl
0sgMt81JqcdzNmLGIBMm8ZPtdvlpU1EVvmGgCwe+Vm5jWZ5qFJxXSSGE5RWfvP0x
sGUbf3KovYL3Qhu6CfGGMHge6Uk+UxvBXYBKuecSrh+NeJfHL6SH2zHBak2yrUp1
vTTg0DvkXaALSP8MAHOh9lwhCpRMNJBMEmG3gF/gYPNN+RRrm5ENvMI4c7/jQaoF
p3wQeZ5LVxbZqZEDtIUpugGIlwdo+bPpwWAisNBfgMCDfpucHZhNbpcc09Za/GZc
HencsKpo84neaBFcAlcinMFEQUMyiV8TDaXnovQqItDR/yusmLn4vHhFgPorXMA8
ODBQ+Okj76fkkcQf1qmM
=oYXM
-----END PGP SIGNATURE-----
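The "one leap of faith" keystore described in the message above, in the SSH known_hosts style, as an added illustration that is not code from the thread or from any poster. It pins the first key fingerprint seen for an address and refuses to silently replace it when a second key later claims the same identity, which is the "multiple keys claiming to be for the same person" case the author mentions. The addresses and fingerprints in the sample run are constructed values, not real OpenPGP keys, and the TofuStore class and its method names are this example's own.

```python
"""Trust-on-first-use (TOFU) pinning of OpenPGP key fingerprints per e-mail address.

Added example, not code from the mailing-list thread. The model is the one SSH
known_hosts uses: the first key seen for an identity is accepted (the single leap
of faith), every later observation is compared against that pin, and a different
key for a pinned identity is reported rather than quietly adopted.
"""
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    NEW = "first key seen for this address; pinned on trust"
    MATCH = "key matches the pinned fingerprint"
    CONFLICT = "a different key claims an already pinned address"


def normalize_fingerprint(fpr: str) -> str:
    """Canonicalize a v4 fingerprint: strip grouping spaces, upper-case hex."""
    fpr = fpr.replace(" ", "").upper()
    if len(fpr) != 40 or any(c not in "0123456789ABCDEF" for c in fpr):
        raise ValueError(f"not a 40-hex-digit OpenPGP v4 fingerprint: {fpr!r}")
    return fpr


@dataclass
class TofuStore:
    # address -> pinned fingerprint (the one leap of faith per correspondent)
    pins: dict[str, str] = field(default_factory=dict)
    # address -> every non-matching fingerprint ever presented for it
    conflicts: dict[str, set[str]] = field(default_factory=dict)

    def observe(self, address: str, fingerprint: str) -> Verdict:
        """Record one observed (address, key) pair and say how it relates to the pin."""
        address = address.strip().lower()
        fpr = normalize_fingerprint(fingerprint)
        pinned = self.pins.get(address)
        if pinned is None:
            self.pins[address] = fpr
            return Verdict.NEW
        if pinned == fpr:
            return Verdict.MATCH
        # Second key for a pinned identity: could be key rotation, could be an
        # impersonation attempt. Never overwrite the pin automatically.
        self.conflicts.setdefault(address, set()).add(fpr)
        return Verdict.CONFLICT

    def accept_rotation(self, address: str, fingerprint: str) -> None:
        """Explicitly re-pin after the key change was confirmed out of band.

        This is the manual step SSH users know as editing known_hosts; it is the
        only way a pin changes.
        """
        address = address.strip().lower()
        fpr = normalize_fingerprint(fingerprint)
        self.pins[address] = fpr
        self.conflicts.pop(address, None)


def demo() -> list[Verdict]:
    """Constructed sample run: first contact, repeat contact, then a conflicting key."""
    store = TofuStore()
    alice = "alice@example.org"
    key_a = "0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567"   # constructed
    key_b = "FEDC BA98 7654 3210 FEDC  BA98 7654 3210 FEDC BA98"   # constructed
    return [
        store.observe(alice, key_a),             # NEW: pinned on faith
        store.observe("Alice@Example.org", key_a),  # MATCH: same key, case-folded addr
        store.observe(alice, key_b),             # CONFLICT: second key, same person
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict.name, "-", verdict.value)
```

The point of the CONFLICT verdict is that the store tells you something happened without deciding for you what it means; whether key_b is a legitimate rotation or an impostor is still a human judgement, confirmed out of band and then committed with accept_rotation.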