Hi all, I am currently writing my master's thesis titled "Complementing the Web of Trust with Affirmations" (working title), and would be interested in everybody's thoughts on the matter. I spent the better part of 2014 working on OpenKeychain with Dominik Schürmann, this thesis sort of follows up on that.
So, affirmations. Short version: An affirmation is a user attribute packet in a pgp keyring which associates that keyring with a resource on the internet. Longer version: Ever since keybase.io was revealed in early 2014, I loved their general idea of associating pgp keys with resources on the web (like everybody else I guess). What I liked less were their ideas of a centralized infrastructure, with a common namespace and proofs residing on a central repository. Keybase's proofs are semantically very close to user ids, so can't they simply be distributed together with keyrings as an extension to rfc4880? Turns out that, yes they can. Besides user ids, pgp keyrings can contain user attributes, which are treated very similarly in regards to certification. User attributes have a subtype, the only defined type of which is "JPEG". The rfc states that user attribute subtypes which are not supported by an implementation should be treated as "user ids with opaque content, but its certificates may still be verified." I checked the sks source and forged some test keyrings, and user attributes of unknown type are treated correctly[1]. So my proposal is a new user attribute subtype, which ties a resource on the web to the keyring by mutual proof of control. It can be self-certified, certified by others, revoked, and most importantly distributed via keyservers just like a regular user id. I am still in the process of doing background research and theoretical evaluation of the concept. I plan to write the standard as an internet draft, extending rfc4880, but I'm still in the process of working out a number of details. Some things will probably become more clear during the prototype implementation process, and I'm hoping to get some input here as well. I will be implementing both a standalone application and support in OpenKeychain as part of my thesis. There is a project based on the same idea called "keygraph"[2], but it never really took off. I am not aware of any serious effort to standardize or implement this, and I would be very interested in exchanging notes if someone else is working on a similar approach. To keep this mail at a reasonable size, I will write more on the technical details (i.e. packet format & proof format) as planned so far in separate mails soonish. I would love to hear general thoughts and comments (and doubts?) on the idea. - Vincent Breitmoser [1]: http://subset.pool.sks-keyservers.net/pks/lookup?op=vindex&search=0x73776167&fingerprint=on [2]: https://github.com/keygraph/
signature.asc
Description: PGP signature
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
