[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Proposal for new Attribute packet

To: ietf-open-pgp@xxxxxxx
Subject: Re: Proposal for new Attribute packet
From: Hal Finney <hal@xxxxxxxx>
Date: Tue, 10 Mar 1998 15:00:28 -0800
Sender: owner-ietf-open-pgp@xxxxxxx

> From hal  Tue Mar 10 14:37:28 1998
> Message-Id: <199803102151.QAA14162@xxxxxxxxxxxxxxxx>
> From: "William H. Geiger III" <whgiii@xxxxxxxxxx>
> Date: Tue, 10 Mar 98 15:48:23 -0500
Jack Repenning, <jackr@xxxxxxxxxxxx>, write:
>I'm not sure this addresses the use Hal had in mind.  An implication of
>allowing an attribute packet "wherever a userid packet may be" is that it
>can be signed by another party.  I imagine the UI he has in mind would
>allow this other party to add the attribute, rather than (or, "in
>addition to") the key owner doing so.  The end goal is (I think) the
>ability to express the meaning of your signature ... "I certify this key
>for business purposes, but I wouldn't trust this blighter with the
>personal secrets of a snail."  

That's not quite the idea, since what you are describing is more
of a qualification on your signature, rather than an attribute of
the keyholder.  The expectation is that typically attributes would be
created by the keyholder, like userids, and then be both self-certified
and also certified by other people.

As an aside, remember that signing a key/userid does not mean that
you are attesting to the trustworthiness of the keyholder.  All you
are vouching for is his identity as described in the userid packet.
So the actual sentiment quoted above is completely consistent with an
ordinary key signature.

William H. Geiger III, <whgiii@xxxxxxxxxx>, replied:

> I'm not sure I like this at all. It is one thing to allow 3rd parties to
> attach their verification of the userID of a key. It is quite another
> thing to allow then to add any information they wanted to. There are quite
> a few nasty and malicious people out there and I for one would not support
> letting them have the ability to add extra information of any kind to my
> public keys.
>
> The more I think about this the less I like it. Seems to be opening a real
> can of worms.

This is one reason the Key Server Preferences subpacket was added.
It is designed to allow the keyholder to tell key servers that he does
or does not want to allow third parties to add things to his key.

Hal

Prev by Date: Export/Import (Was: Re: Proposal for new Attribute packet)
Next by Date: Re: Proposal for new Attribute packet
Previous by thread: Re: Proposal for new Attribute packet
Next by thread: Re: Proposal for new Attribute packet
Index(es):
- Date
- Thread