first-party attestations of third-party certifications (1pa3pc) in gnupg

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sun Sep 1 13:51:44 CEST 2019


It would be great if GnuPG could manage first-party attestations of
third-party certifications (1pa3pc) as documented in
https://gitlab.com/openpgp-wg/rfc4880bis/merge_requests/20.

Attached is a proposal for how the UI/API of GnuPG might enable this.
i've also recorded this as https://dev.gnupg.org/T4694/, in the hopes
that we can get something like this working.

The baseline attestation functionality was fairly straightforward to
implement in PGPy, and i'd be happy to collaborate on this if we can get
the functionality into some version of GnuPG.

          --dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: gpg-attestations.md
Type: text/markdown
Size: 5371 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20190901/7e5ef98e/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20190901/7e5ef98e/attachment.sig>


More information about the Gnupg-devel mailing list