Re: PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>>>>> "Dave" == Dave Crocker <dcrocker@xxxxxxxx> writes:

    Dave> On 9/23/2015 3:00 PM, Sam Hartman wrote:
    >> Yeah, but I believe for most users the only reasonable default
    >> for things you get from the key servers is don't trust without
    >> additional evidence.


    Dave> I'm confused by this thread.

    Dave> I thought that the /essence/ of the PGP model was that the key
    Dave> servers were merely convenient locations but /not/ 'trusted'
    Dave> locations.  That is, all the validation and trust are based on
    Dave> object-related data and not location-related.

Correct.
So, if you care at all about trust,  you then the trust you can assign
to a key just because you got it from a key server (approximately zero)
is very likely to be insufficient for any use to which you might like to
use that key.  So, you'll have to validate the signatures, consider
them, and think about object trust.

We're arguing about whether the implicit signature from the domain owner
raises the location-based trust enough above zero to be useful even if
you don't have prior knowledge of the domain's policies etc.

I think John is also arguing that he'd like to change the key servers to
have some location-based trust.  I'm sure I mostly don't want that for
the standard key servers, but something new that was sort of like a key
server but had some location-based trust might have some value.  We
might even call it a directory, even if we didn't use LDAP.




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]