Re: PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 9/23/2015 4:39 PM, Sam Hartman wrote:
> So, if you care at all about trust,  you then the trust you can assign
> to a key just because you got it from a key server (approximately zero)
> is very likely to be insufficient for any use 
...
> We're arguing about whether the implicit signature from the domain owner
> raises the location-based trust enough above zero to be useful even if
> you don't have prior knowledge of the domain's policies etc.
> 
> I think John is also arguing that he'd like to change the key servers to
> have some location-based trust. 


The current draft was essentially cast as 'merely' providing an
alternative venue for finding keys.  That's a distinct, useful function.

However it appears that some folk have conflated this other, deeper
function, of imparting trust to the key, using a model that is
fundamentally different than established OpenPGP practice.

It's fine to consider alternative models, especially when established
practice has a long history of failing to scale well.  What is not so
fine is having the model be promulgated with little-to-no consideration.

My own view is that task of finding keys should be treated entirely
independently of supplementing/replacing the trust model.  That means
the current work should consider DNSSec irrelevant and ensure that the
retrieved DNS records have utility equivalent to what it retrieved from
an existing key server.

d/
-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net




[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]