Miscellaneous questions

Christoph Anton Mitterer Christoph.Anton.Mitterer at physik.uni-muenchen.de
Thu Apr 24 02:59:40 CEST 2008


Quoting reynt0 <reynt0 at cs.albany.edu>:
> Well, not specially (ignoring the polite grammar using the
> form of questions).  What it was is a suggestion, stated
> in third person and a first person example, why one part
> of your suggestions/opinions might not be a good fit
> with gpg.  IMHO, of course.  That's all...
Well regarding my opinion on certifications,... I think the list and I
won't come to the same understanding in that issue (and probably lots
of other questions, too).

Apart from any of our rules or suggestions or whatever you call it,
nobody can force users (the signers) to do anything, as everyone can
sign what he/she wants.

What I wanted to do, was a suggestion, namely: signers should look at  
the completeness of the. And if the signer thinks the name is  
incomplete, he/she should (IMHO) not sign at all, or at least use
perhaps a "lower" signature type (perhaps 0x12 or so; btw: gpg ignores  
this currently, doesn't it?)

Of course we could even discuss what's part of the name?! What about  
academic titles like "Dr." or "PhD", stuff from monarchy (OBE, Sir,  
Dame, HRH, Prince, etc.) religious "titles" like "PP", "Cardinal", etc.?


Despite the fact that it's difficult to decide what's a complete
name, I (= my opinion) think that signers should have a look at
completeness.
The reason: As a mathematician I consider incompleteness as
incorrectness, that's even what OpenPGP (and actually every digital  
signature system) does: If you "just" remove something from the signed  
data, signatures won't validate.

If that reason is too far away from the real world for anyone: Just
think if VeriSign or some governmental agency would give you a
certificate or some ID card with an incomplete name, e.g. only the  
family name, or the given name, or even just the first of the given  
names? Or would it give you a certificate of some ID card with the  
family name that you had before marriage?
It would probably not (for - in my opinion - obvious reason).

Of course this does not solve problems of ambiguity, but at least it
helps a little.
That's the same with family names: When they were introduced (probably  
in the middle-ages?!) one reason surely was to solve the problems of  
ambiguity of given names.
Today there are millions of Christophs,.. but is this a reason to drop  
the family names?



What it all comes down to,... I didn't want to offend anyone on the  
list, when writing my ideas opinions (thought that this list was open  
for all ideas and so on).
If my tone was a little bit rude, I apologize, but it's
somewhat frustrating, that (nearly) the only answers I get consist of  
arguments like, "nobody needs this", "this would break this and that",  
"be more conservative", "at no way try to possibly clean things up or  
give part of the standard a cleaner semantics"....




I think OpenPGP is quite widespread, nevertheless it might (this is only
a might!!) face extinction.
X509/CMS is used more and more in a lot of areas, even gnupg implements it.
I think the reason for this is simply that the hierarchical trust  
model of X509 is much easier for lazy people (lazy in terms of  
security).
Of course OpenPGP is mightier in that way (a hierarchical model is  
only a subset of its web of trust), but this won't save it on a long  
term view.
As OpenPGP will always be more difficult to use (if you want to build  
a strong web of trust) I thought that we should concentrate to really  
improve and perhaps redesign OpenPGP from scratch.
Stuff like clean separation between IDs and attributes and especially
_more_ attributes than just name, email and photo are really needed by  
the industry.
However... it seems nearly impossible to me, that such improvements  
will find consent. :( ... that's why I'm frustrated....


Best wishes, *hoping that he has nobody offended again or started a  
senseless discussion (Robert?! ;) )*,
Chris.
