Re: Keyrings for websites
On Thu, 8 Feb 2007 20:10, [EMAIL PROTECTED] said:

> wish that UIDs were more of a key/value system (one key/value pair per

You may use notations for this. They are however stored with the self-signature, so some care needs to be taken.

If you need something similar to the user ID, use the User Attribute Packet (Tag 17). It is currently only used for the photo ID but it may be extended. From the latest OpenPGP I-D:

   The User Attribute packet is a variation of the User ID packet. It is capable of storing more types of data than the User ID packet which is limited to text. Like the User ID packet, a User Attribute packet may be certified by the key owner ("self-signed") or any other key owner who cares to certify it. Except as noted, a User Attribute packet may be used anywhere that a User ID packet may be used.

   While User Attribute packets are not a required part of the OpenPGP standard, implementations SHOULD provide at least enough compatibility to properly handle a certification signature on the User Attribute packet. A simple way to do this is by treating the User Attribute packet as a User ID packet with opaque contents, but an implementation may use any method desired.

   The User Attribute packet is made up of one or more attribute subpackets. Each subpacket consists of a subpacket header and a body. The header consists of:

    - the subpacket length (1, 2, or 5 octets)

    - the subpacket type (1 octet)

   and is followed by the subpacket specific data.

   The only currently defined subpacket type is 1, signifying an image. An implementation SHOULD ignore any subpacket of a type that it does not recognize. Subpacket types 100 through 110 are reserved for private or experimental use.

Salam-Shalom,

   Werner

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
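The subpacket layout quoted in the message above, as an added Python example that is not part of the thread or of GnuPG: it walks a User Attribute packet body, bounds-checks every length because key material arrives from untrusted sources, and ignores unrecognized types. Assumptions: the length octets follow the RFC 4880 signature-subpacket encoding and count the type octet; the sample bytes and the key=value payload in private-use type 100 are constructed for illustration.

```python
import struct

IMAGE = 1  # the only subpacket type the quoted draft defines

def read_length(buf, pos):
    """Decode a 1-, 2- or 5-octet subpacket length; return (length, next_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated length")
    first = buf[pos]
    if first < 192:                                   # 1 octet
        return first, pos + 1
    if first < 255:                                   # 2 octets
        if pos + 2 > len(buf):
            raise ValueError("truncated 2-octet length")
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    if pos + 5 > len(buf):                            # 0xFF + 4 octets
        raise ValueError("truncated 5-octet length")
    return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5

def encode_subpacket(sub_type, data):
    """Build one subpacket; the length counts the type octet plus the data."""
    n = len(data) + 1
    if n < 192:
        header = bytes([n])
    elif n < 8384:
        header = bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    else:
        header = b"\xff" + struct.pack(">I", n)
    return header + bytes([sub_type]) + data

def parse_user_attribute(body):
    """Return (recognized, ignored_types) for a User Attribute packet body."""
    recognized, ignored, pos = [], [], 0
    while pos < len(body):
        length, pos = read_length(body, pos)
        if length < 1 or pos + length > len(body):
            raise ValueError("subpacket length runs past the packet body")
        sub_type, data = body[pos], body[pos + 1:pos + length]
        pos += length
        if sub_type == IMAGE:
            recognized.append((sub_type, data))
        else:
            ignored.append(sub_type)   # SHOULD ignore unrecognized types
    return recognized, ignored

# Constructed sample: a 300-byte stand-in for image data, plus a hypothetical
# private-use subpacket (type 100) carrying a key=value pair.
SAMPLE = (encode_subpacket(IMAGE, b"\x00" * 300)
          + encode_subpacket(100, b"hostname=www.example.org"))

if __name__ == "__main__":
    rec, ign = parse_user_attribute(SAMPLE)
    print([(t, len(d)) for t, d in rec], ign)
```
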
Re: Keyrings for websites
On Thu, Feb 08, 2007 at 05:32:30PM +0100, Bèr Kessels wrote:
> Hello,
>
> On Thursday 8 February 2007 15:36, Joseph Oreste Bruni wrote:
> > You might want to check out "Domain Keys" which is used to
> > authenticate email sessions between MTA's.
> >
> > Also, peer-to-peer authentication can be accomplished via X.509
> > certificates and SSL.
>
> Yes, I am aware of the X.509 to authenticate servers. Also I know my way around
> in the SSL "stuff". This, however, is a different thing than what I want to
> achieve. I am not so much interested in secure connections, nor in
> authentication, between peers.
>
> What I want, is a way to say 'look, I am Foo.com, and I trust Bar.com
> ultimately. Since you trust me, you can trust Bar.com too'. That way one can
> allow sign-ins from other trusted sites, trackbacks etc.
>
> Thanks for the feedback, though.

Check out OpenID, although it is not cryptography based (AFAIK).

Alex

--
JID: [EMAIL PROTECTED]
PGP: 0x46399138
Paying attention to details is the job of doctors, lawyers, programmers and watchmakers -- Czerski
Re: Keyrings for websites
Alex Mauer <[EMAIL PROTECTED]> writes:

> This sort of overloading of the name/comment/email fields bothers me. I
> wish that UIDs were more of a key/value system (one key/value pair per

As far as I understand it there are no such fields. User ID is freeform, just a string. So feel free to put in "Key: Value" or whatever you'd like to.

Thomas
Re: Keyrings for websites
Peter Pentchev wrote:
> using PGP keys (or rather, uid's) with only names, no e-mail addresses.
> You could either use such keys with the hostname (or the full path to
> the web application) placed directly in the "name" part of the user ID,
> or develop some kind of machine-readable encoding to represent a host
> name, application path, application name, or any level of detail you
> feel comfortable with, and then place those in the "name" or the
> "comment" part of the key's user ID. After that, proceed as usual -

This sort of overloading of the name/comment/email fields bothers me. I wish that UIDs were more of a key/value system (one key/value pair per UID), e.g. name=William Surrey, [EMAIL PROTECTED], [EMAIL PROTECTED], comment=Billy's key, alias=Bill; or name=Example's awesome wiki!, hostname=www.example.org, application=mediawiki (for the purpose given above).

I'm thinking something equivalent to what vorbis comments are for ogg vorbis audio files. See http://xiph.org/vorbis/doc/v-comment.html

Of course, I doubt that the OpenPGP spec allows for this sort of extensibility in the comments, or if it does that anyone's willing to implement it (or it would have been done by now). But it sure would be great if it were to happen.
Re: Keyrings for websites
On Thu, Feb 08, 2007 at 01:03:05PM +0100, Bèr Kessels wrote:
> Hello,
>
> With the current growth of online services that talk to each other (the
> web2.0) I thought it a good idea to think about a way to determine
> "trust" between the sites.
>
> If my site shares its spam tokens, comments, search results, tags and
> pictures (etc) with a cloud of sites, it could be a good idea to
> establish a trust-ring.
>
> I therefore thought it an interesting idea to make keys not just for
> people, but for a website. That way I can sign public keys from other
> sites and give them a trust weight.
[snip]
>
> It is still an idea. And no code is made yet. But I am heavy into
> Drupal (been full time developer for it for over 4 years), and I can
> introduce this concept there, then hope it takes off into wordpress,
> plone and other Open Source, or Closed source CMSes.
>
> All I need is some general idea whether or not this will a) work at all
> and b) is possible with gnupg, and c) if it would not 'threaten' gnupg
> too much.

It ought to be both possible and trivial. ISTR several discussions on this mailing list, where people mentioned using PGP keys (or rather, uid's) with only names, no e-mail addresses. You could either use such keys with the hostname (or the full path to the web application) placed directly in the "name" part of the user ID, or develop some kind of machine-readable encoding to represent a host name, application path, application name, or any level of detail you feel comfortable with, and then place those in the "name" or the "comment" part of the key's user ID. After that, proceed as usual - sign the user-ID with the key itself (GnuPG should do that as part of the key generation anyway), sign it with your own key, and send the public key to the others. They should generate keys for their web apps too, sign them with their own (developers') keys, and send them to you.

Then each of you establishes his own trustdb, places trust in (some of) the developers' keys, and off you go.

G'luck,
Peter

--
Peter Pentchev [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
This inert sentence is my body, but my soul is alive, dancing in the sparks of your brain.
Re: Keyrings for websites
Hello,

On Thursday 8 February 2007 15:36, Joseph Oreste Bruni wrote:
> You might want to check out "Domain Keys" which is used to
> authenticate email sessions between MTA's.
>
> Also, peer-to-peer authentication can be accomplished via X.509
> certificates and SSL.

Yes, I am aware of the X.509 to authenticate servers. Also I know my way around in the SSL "stuff". This, however, is a different thing than what I want to achieve. I am not so much interested in secure connections, nor in authentication, between peers.

What I want, is a way to say 'look, I am Foo.com, and I trust Bar.com ultimately. Since you trust me, you can trust Bar.com too'. That way one can allow sign-ins from other trusted sites, trackbacks etc.

Thanks for the feedback, though.

Bèr

--
Drupal, Ruby on Rails and Joomla! development: webschuur.com | Drupal hosting: www.sympal.nl
Re: Keyrings for websites
You might want to check out "Domain Keys" which is used to authenticate email sessions between MTA's.

Also, peer-to-peer authentication can be accomplished via X.509 certificates and SSL.

Joe

On Feb 8, 2007, at 5:03 AM, Bèr Kessels wrote:

Hello,

With the current growth of online services that talk to each other (the web2.0) I thought it a good idea to think about a way to determine "trust" between the sites.

...

Bèr
Keyrings for websites
Hello,

With the current growth of online services that talk to each other (the web2.0) I thought it a good idea to think about a way to determine "trust" between the sites.

If my site shares its spam tokens, comments, search results, tags and pictures (etc) with a cloud of sites, it could be a good idea to establish a trust-ring.

I therefore thought it an interesting idea to make keys not just for people, but for a website. That way I can sign public keys from other sites and give them a trust weight.

That way one can establish a web of trust between sites. A good way to make sure spammers don't get in between your comments, for example. By allowing so called trackbacks from trusted sites only, one can reduce the amount of spam greatly. By sending my tags to trusted sites only, I can make sure that not some malafide "content thief" runs off with my valuable content, yet still share it.

It is still an idea. And no code is made yet. But I am heavy into Drupal (been full time developer for it for over 4 years), and I can introduce this concept there, then hope it takes off into wordpress, plone and other Open Source, or Closed source CMSes.

All I need is some general idea whether or not this will a) work at all and b) is possible with gnupg, and c) if it would not 'threaten' gnupg too much.

thanks for reading,

Bèr

--
Drupal, Ruby on Rails and Joomla! development: webschuur.com | Drupal hosting: www.sympal.nl