adding TOFU/POP to GnuPG
Robert J. Hansen
rjh at sixdemonbag.org
Fri Mar 14 19:38:18 CET 2014
Quoting Daniel Kahn Gillmor <dkg at fifthhorseman.net>:
> GnuPG does not limit itself to the RFCs, particularly when it comes to
> its role as a keyring/contact manager for OpenPGP.
Correct, but this is for historical reasons. When GnuPG was in a
pre-1.0 state, Werner made the (entirely reasonable) decision that
GnuPG should as far as possible be a drop-in replacement for PGP.
That meant emulating all of PGP's feature set, including the key
management that had organically grown in the PGP community since 1992.
There is no historical reason to support TOFU/POP. We're talking
about adding significant complexity and a nontrivial amount of code
for something which at present has minimal community demand.
If a different trust mechanism than the WoT existed in 1992 and had
become GnuPG's preferred system today, and someone came on-list saying
"hey, I have an idea: let's do the WoT," I'd also say, "no, let's not:
this is not within the remit of OpenPGP, and I think GnuPG is
strongest when it stays close to the RFCs."
> If GnuPG wasn't already in the business of doing these validity
> calculations, there might be more merit in Robert's argument, but in
> practice, this is one of the core features of the tool. So any
> consideration about extending or modifying user ID validity calculations
> is *definitely* in-scope for GnuPG.
I emphatically disagree. Just because we have inherited one set of
historical baggage is not a sufficient reason to believe we should
introduce new things in that same vein.
More information about the Gnupg-devel