OPENPGP URI PROPOSAL
Hugo Osvaldo Barrera
hugo at barrera.io
Fri May 22 00:46:52 CEST 2015
On 2015-05-21 15:21, Daniel Kahn Gillmor wrote:
> On Thu 2015-05-21 11:59:07 -0400, mofo syne wrote:
> > You might see a few copies around. This one is edited and streamlined with
> > some advice from Hasimir to help keep this proposal focused. This is
> > mirrored in here
> > <http://www.reddit.com/r/GnuPG/comments/36lmih/i_wonder_if_there_is_a_gpg_uri/>
>
> This proposal appears to be trying to do a lot of different things. I'm
> not convinced that they are all reasonable goals, or that gnupg-users is
> the right mailing list to discuss them on. The openpgp at ietf.org is a
> mailing list where different people discuss the standard in general.
>
> The example you give toward the end of the spec (uri handlers in web
> browsers) is an important example for arguing why something like this is
> concretely useful. Have you tried to implement this? Can modern web
> browser handlers work with arbitrary length data? When i try to trigger
> a local handler for an unknown schema in iceweasel (firefox) i see this
> message:
>
Modern browsers can handle this. Some websites embed base64 uri-encoded images
of several kb in length and all browsers handle this properly.
> --------------
> The address wasn't understood
>
> Iceweasel doesn't know how to open this address, because one of the following protocols (openpgp) isn't associated with any program or is not allowed in this context.
>
> You might need to install other software to open this address.
> --------------
>
> with no option to choose an external handler or anything.
>
The same happens with several other quite standard protocols. Even some of
those listed on rfc3986. This is a firefox issue, IMHO.
This is configured via about:preferences#applications, since firefox does not
respect OS settings in this aspect at all.
> Chromium, on the other hand, offers to launch "xdg-open" with that URL
> as the parameter, which fails because no handler is registered for the
> scheme in question. Is this the intended mechanism, or something else?
>
> > openpgp://pubkey;version:GnuPG+v2;!base64::<base64 data>
>
That sounds like the expected behaviour if there's no registered handler. The
same would happen with things like "mailto:" if you had none.
> There is already a vCard spec for a full pubkey -- though you might
> actually mean "transferable public key" or OpenPGP certificate:
>
> https://tools.ietf.org/html/rfc6350#section-6.8.1
>
Yeah, this seems to invalidate the strongest use-case for this specification.
> > openpgp://msg;version:GnuPG+v2;!base64::<base64 data>
>
> When is this useful?
>
> > openpgp://sigmsg;hash:SHA1;sig:<base64>;!::<percent encoded message>
>
> what about a message that is both signed and encrypted? how should it
> be represented?
>
> > * Embedded in NFC or 2D barcode for physical messages in posters that is
> > able store encrypted messages, public keys, or signed messages. Other than
> > posters, it also allows for easier transferring of openpgp messages via NFC
> > or 2D barcodes between a webbrowser in a cybercafe to a smartphone.
>
> These seem more likely to be handled by vCard or some similar approach
> to me.
>
On some scenarios. But we need some sort of glue to import something from a
vCard into gnupg's keyring. I don't think we need a new spec for this though.
> > openpgp://fprint;name:clark+kent;::43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8
> >
> > openpgp://fprint;::43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8
>
> These fingerprints are only 128 bits long, which matches the OpenPGPv3
> fingerprint format. OpenPGPv4 fingerprints are 160 bits long, and any
> new fingerprint standard might be longer still.
>
> Your proposal here doesn't mention any sort of versioning for
> fingerprints, or take into account other concerns.
>
> A large discussion about fingerprint encodings for low-bandwidth
> transmission can be found here:
>
> https://github.com/open-keychain/open-keychain/issues/1281
>
> hth,
>
> --dkg
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
--
Hugo Osvaldo Barrera
A: Because we read from top to bottom, left to right.
Q: Why should I start my reply below the quoted text?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: </pipermail/attachments/20150521/aff84c0d/attachment.sig>
More information about the Gnupg-users
mailing list