| gabriel rosenkoetter on 7 Feb 2004 18:14:03 -0000 |
|
On Sat, Feb 07, 2004 at 12:19:32PM -0500, David Shaw wrote: > It's interesting to me that those people who send out tokens to be > signed generally send them encrypted (I do it as well). It doesn't > hurt to encrypt, but strictly speaking, there really isn't any need to > do it either - the signature they are sending back is issed by the > primary, and when you sign a key (well, a OpenPGP key), you're binding > the user ID to the same primary key. The whole thing could be in > cleartext. Not really. Enciphering it means that they couldn't even read the message without controlling the private key. It's not known to be true of OpenPGP, but it's theoretically possible to generate a signature without access to the same private key. That may not, inherently, imply the ability to decipher messages enciphered to the public key of the real user. > Heh, actually 1.3 is already quite a bit slower than 1.2, since 1.3 > combines --rebuild-keydb-cache with --check-trustdb. Well, *I* don't care if it takes 30 minutes at this point, since I have no-auto-check-trustdb set and I run a --check-trustdb every weekday out of cron during my drive to work, but are you sure that's a good idea? > I'm still working on that and looking for ways to speed it up > before 1.4. Linear search is a killer. Remind me why this HAS to be linear? > Eventually, GnuPG is going to need a rethinking of the keyring > management. GnuPG 1.9 (will be 2.0 eventually) has a completely > different database backed system, but the 1.x branch is going to stay > with flat files a la PGP. There are better ways to handle flat files, > though. What are you using? Berkeley DB? (file(1) thinks it's "data"... because it's enciphered, I think, eh?) > The main reasons it hasn't been done is complexity (social, not code). > It would be a significant change to the current trust model which is > already barely understood. At the same time, it would bring the trust model in line with the provided UI, which is attractive. > It would also mean that the GnuPG web of > trust would differ from PGP, which is also confusing. Right, well, that's an argument for removing the trust levels entirely. Is there anything resembling this in the OpenPGP standard? > Despite this, I rather like the idea of anyone using any trust model > they like (it's one of the big strengths of OpenPGP, in my book), so > rather than implement many trust models, I've started on a system for > an "external" trust model in GnuPG. I like this approach a lot. > This is about halfway done, and should be in 1.4. I imagine less than > a hundred lines of perl could do a trust model that takes into account > strength of trust. What's the API for this look like? That is, what does GnuPG hand off for processing? (High level: I'll go look at the code when I'm ready to actually do this for myself.) -- gabriel rosenkoetter gr@eclipsed.net Attachment:
pgp5yFARZGYxs.pgp
|
|