Re: Terminology - certificate or key ?

2016-10-08 Thread MFPA
On Tuesday 4 October 2016 at 4:55:30 PM, Heinz Diehl wrote:-



> The left one is a modular padlock, and the one in the middle is an
> integrated padlock. According to one of my friends who is a native
> en_GB speaker.

As a native en_GB speaker I had never heard those terms. A quick
internet search led me to [0].

 "And while this was happening Yale was creating the first
 modular padlock (up until this point all padlocks had used
 integrated locking mechanisms). These new modular locking
 mechanics allowed the locks to be serviced and rekeyed
 because all components could be removed and reconstructed."


[0] 


--
Best regards

MFPA  

Don't ask me, I'm making this up as I go!


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Terminology - certificate or key ?

2016-10-04 Thread Heinz Diehl
On 03.10.2016, Werner Koch wrote: 

> We would call the left one a "normales Vorhangeschloss" (simple
> padlock).  But the middle one is known as a "Schnappschloss" - referring
> to the feature that you do not need a key to lock it.

The left one is a modular padlock, and the one in the middle is an
integrated padlock. According to one of my friends who is a native
en_GB speaker. Not sure if this helps, though. I guess most languages
simply use "padlock" for both types. Haengeschloss in German,
hengelås in NO, hänglås (SE), hængelås (DK)..




Re: Terminology - certificate or key ?

2016-10-03 Thread Werner Koch
On Mon,  3 Oct 2016 18:34, richard.hoechenber...@gmail.com said:

> :) But maybe I'm simply too young, the padlock-without-Schnappschloss
> type appears to be kind of ancient?

Heavy duty padlocks require a key for locking; you may have seen them
used to lock a motorbike.  The description at [1] lists this as a
feature:

  Schließzwang: Verriegelung nur mit Schlüssel (Schlüssel kann bei
  geöffnetem Zustand nicht abgezogen werden)



Salam-Shalom,

   Werner


[1] 


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: Terminology - certificate or key ?

2016-10-03 Thread Richard Höchenberger
On Mon, Oct 3, 2016 at 4:14 PM, Werner Koch  wrote:
> Here are two padlocks:
>
>   
> 
>
> We would call the left one a "normales Vorhangeschloss" (simple
> padlock).  But the middle one is known as a "Schnappschloss" - referring
> to the feature that you do not need a key to lock it.

Growing up in (East) Germany myself, I've never, ever, heard or read
this word before. I always assumed all padlocks would lock without a
key, hence be "Schnappschlösser". Never seen or handled anything else.
:) But maybe I'm simply too young, the padlock-without-Schnappschloss
type appears to be kind of ancient?

Cheers,

Richard



Re: Terminology - certificate or key ?

2016-10-03 Thread Werner Koch
On Sun,  2 Oct 2016 12:44, j...@berklix.com said:

> Schnappschloss seems to be a wide word covering all sorts,

It might be that there are regional differences in Germany.  May be even
more here, close to the traditional area of lock fabrication.

Here are two padlocks:

  


We would call the left one a "normales Vorhangeschloss" (simple
padlock).  But the middle one is known as a "Schnappschloss" - referring
to the feature that you do not need a key to lock it.

So it seems, the term "lock" works only along with a picture.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: Terminology - certificate or key ?

2016-10-03 Thread Daniel Kahn Gillmor
On Sun 2016-10-02 13:48:01 -0400, Michael A. Yetto wrote:
> I thought what might be meant is what I have always referred to as a
> slam lock. That is, a locking mechanism that stays locked after opening
> from the inside and locks itself after closing from the outside.

as a native en_US-speaker, I can confirm that the most precise term here
is "slam lock".  however, i've found that term is not particularly
widely-known or understood, which probably makes it a bad choice for
explanatory metaphor :(

fwiw, i disagree with Werner that X.509 certificates and OpenPGP
certificates are radically different.  There are differences for sure --
chief among them the composability (and decomposability) of OpenPGP
certificates, as well as their multi-issuer nature.  But conceptually
both formats provide transferable, cryptographically-verifiable
assertions about bindings between identities, capabilities, and public
key material.  This is roughly what "certificate" means to most people,
and that's the right term to use in my opinion.

--dkg




Re: Terminology - certificate or key ?

2016-10-02 Thread Michael A. Yetto
On Sun, 02 Oct 2016 12:44:16 +0200
"Julian H. Stacey"  wrote:

>https://lists.gnupg.org/pipermail/gnupg-users/2016-October/056809.html
>> Frankly, I did not know how to translate the German term
>> "Schnappschloss".  I had in mind that a "latch" is similar to a
>> "deadbolt".  
>
>Heinz Diehl wrote:
>> Visualising a picture of what is meant by the German term, I would
>> intuitively translate it to something like a hasp, a snap lock or
>> even a spring lock. And you're right, I also heard the term latch
>> lock.  
>
>https://de.wikipedia.org/wiki/Schnappschloss is empty.
>
>Schnappschloss seems to be a wide word covering all sorts,
>English has more words than German, so probably a selection of pictures
>offers best way to choose best word for the function.
>
>A latch is not similar to a deadbolt though. 
>A latch is weaker.
>A latch is spring loaded, or gravity assisted.
>
>https://www.google.de/?gws_rd=ssl#q=Schnappschloss ...  Pictures
>The silver, one from right end, is a snap lock. 
>The brass at far right is a latch.
>
>http://www.ebay.de/bhp/schnappschloss
>http://www.ebay.de/itm/Oberlichtschnaepper-Edelstahl-Optik-Federriegel-Schnappschloss-Fensterschloss-/331887421951
>"Latch"
>
>http://www.ebay.de/itm/4-x-Schnappschloss-mit-Ose-gross-97x50-mm-Kistenverschluss-Spannverschluss-/360829984297
>"Snap lock" 
>  May be OK, or maybe Catch, (I'd be happier with the word Lock if
>  that picture also had a tiny hole for a key (as mine does, crappy
>  key but it is then a primitive lock.
>
>http://www.ebay.de/itm/2pcs-3-Spannverschluss-Kofferverschluss-Kistenverschluss-Schnappschloss-Latch-/351691384246
>"Hasp"
>
>http://www.diy.com/departments/blooma-galvanised-steel-tower-bolt-l102mm/307467_BQ.prd
>http://www.diy.com/departments/yale-deadlock/
>http://www.ebay.com/itm/15-2cm-ZOLL-TURM-BOLZEN-TURSCHLOSS-SCHUPPEN-GARTEN-TUR-/301978902053
>"Dead bolts"
>
>PS Wouldn't surprise me if British & American & other speakers of
>English had different words for some of those things.  (I'm English
>but decades in Germany so not always entirely certain translating back)
>
>

I think that was my cue.

I thought what might be meant is what I have always referred to as a
slam lock. That is, a locking mechanism that stays locked after opening
from the inside and locks itself after closing from the outside.

It is an easy way to lock yourself out of your car with the engine
running if you just had the door replaced and the new one has a slam
lock while the old one didn't.

Mike "not that this ever happened to me" Yetto
-- 
"If your belief system is not founded in an objective reality, you
should not be making decisions that affect other people."
 - Neil deGrasse Tyson




Re: Terminology - certificate or key ?

2016-10-02 Thread Julian H. Stacey
https://lists.gnupg.org/pipermail/gnupg-users/2016-October/056809.html
> Frankly, I did not know how to translate the German term
> "Schnappschloss".  I had in mind that a "latch" is similar to a
> "deadbolt".

Heinz Diehl wrote:
> Visualising a picture of what is meant by the German term, I would
> intuitively translate it to something like a hasp, a snap lock or even
> a spring lock. And you're right, I also heard the term latch lock.

https://de.wikipedia.org/wiki/Schnappschloss is empty.

Schnappschloss seems to be a wide word covering all sorts,
English has more words than German, so probably a selection of pictures
offers best way to choose best word for the function.

A latch is not similar to a deadbolt though. 
A latch is weaker.
A latch is spring loaded, or gravity assisted.

https://www.google.de/?gws_rd=ssl#q=Schnappschloss  ...  Pictures
The silver, one from right end, is a snap lock. 
The brass at far right is a latch.

http://www.ebay.de/bhp/schnappschloss
http://www.ebay.de/itm/Oberlichtschnaepper-Edelstahl-Optik-Federriegel-Schnappschloss-Fensterschloss-/331887421951
"Latch"

http://www.ebay.de/itm/4-x-Schnappschloss-mit-Ose-gross-97x50-mm-Kistenverschluss-Spannverschluss-/360829984297
"Snap lock" 
  May be OK, or maybe Catch, (I'd be happier with the word Lock if
  that picture also had a tiny hole for a key (as mine does, crappy
  key but it is then a primitive lock.

http://www.ebay.de/itm/2pcs-3-Spannverschluss-Kofferverschluss-Kistenverschluss-Schnappschloss-Latch-/351691384246
"Hasp"

http://www.diy.com/departments/blooma-galvanised-steel-tower-bolt-l102mm/307467_BQ.prd
http://www.diy.com/departments/yale-deadlock/
http://www.ebay.com/itm/15-2cm-ZOLL-TURM-BOLZEN-TURSCHLOSS-SCHUPPEN-GARTEN-TUR-/301978902053
"Dead bolts"

PS Wouldn't surprise me if British & American & other speakers of
English had different words for some of those things.  (I'm English
but decades in Germany so not always entirely certain translating back)

Cheers,
Julian
--
Julian Stacey, BSD Linux Unix Sys Eng Consultant Munich
 Reply below, Prefix '> '. Plain text, No .doc, base64, HTML, quoted-printable.
 http://berklix.eu/brexit/#stolen_votes



Re: Terminology - certificate or key ?

2016-10-01 Thread Heinz Diehl
On 01.10.2016, Werner Koch wrote: 

> Frankly, I did not know how to translate the German term
> "Schnappschloss".

Visualising a picture of what is meant by the German term, I would
intuitively translate it to something like a hasp, a snap lock or even
a spring lock. And you're right, I also heard the term latch lock.





Re: Terminology - certificate or key ?

2016-10-01 Thread MFPA
On Saturday 1 October 2016 at 6:45:51 PM, Werner Koch wrote:-



> Frankly, I did not know how to translate the German term
> "Schnappschloss".  I had in mind that a "latch" is similar to a
> "deadbolt".


For latch, the Oxford dictionary gives "A metal bar with a catch and
lever used for fastening a door or gate" as the primary use. A
secondary meaning is "A spring lock for an outer door, which catches
when the door is closed and can only be opened from the outside with a
key."


--
Best regards

MFPA  

Coffee doesn't need a menu, it needs a cup.


Re: Terminology - certificate or key ?

2016-10-01 Thread Werner Koch
On Fri, 30 Sep 2016 18:50, andr...@andrewg.com said:

> with the same key. "Latch and key" is the best analogy I know of to

Frankly, I did not know how to translate the German term
"Schnappschloss".  I had in mind that a "latch" is similar to a
"deadbolt".


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: Terminology - certificate or key ?

2016-10-01 Thread Werner Koch
On Fri, 30 Sep 2016 17:30, ine...@gnu.org said:

> There is one more: "secret key".

Well, I like "secret key" because "secret" stands out when reading
source code or text.  "private" and "public" are too similar and when it
comes to naming variables sk and pk or seckey and pubkey are easier to
distinguish than, well, what?


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: Terminology - certificate or key ?

2016-09-30 Thread Andrew Gallagher
The problems always start with the words "public key"...

On 30/09/16 15:22, Werner Koch wrote:
> 
> So for example "lock" and "private key" may be better.

"Lock and key" works for symmetric crypto, because you lock and unlock
with the same key. "Latch and key" is the best analogy I know of to
public key crypto, because anyone can pull a latch closed, but you need
the key to open it again.

It's true that the term "certificate" can imply an unwarranted level of
authority - but that's also true of most things in the real world that
we call "certificates", so I don't think the problem is entirely in the
terminology...! ;-)

Another problem with the signature analogy is that you don't sign with
a "key" in the real world -- but there are other physical objects that
you can "sign" with, such as a signet ring, which is a more intuitive
analogy than "private key". But then what is the "public key" in this
analogy?

There just isn't anything in the physical world that works as a
watertight analogy for the underlying mathematics. The fact that the
same process can be used (with subtle differences) in *both directions*
is where all known analogies come completely unglued...

A






Re: Terminology - certificate or key ?

2016-09-30 Thread Ineiev
On Fri, Sep 30, 2016 at 04:22:39PM +0200, Werner Koch wrote:
> 
> The root of the problem might be the concept of "public key" and
> "private key".  You need to educate users that these are very different
> things but still belong together.

There is one more: "secret key".




Re: Terminology - certificate or key ?

2016-09-30 Thread Mirimir
On 09/30/2016 08:24 AM, Robert J. Hansen wrote:
>> I'd start with -----BEGIN PGP PUBLIC KEY BLOCK----- :)
> 
> You are technically correct (the best kind of correct!) [1] -- no, wait!  
> That's "key block", not "keyblock"!
> 
> I'm more technically correct!  I win!  :)
> 
> In all seriousness, the only context in which I've seen "key block" has been 
> the beginning of an armored certificate, and I've literally never seen 
> "keyblock", nor have I ever heard anyone call their certificate a "keyblock" 
> or "key block" outside of the narrow context of "look for -----BEGIN PGP 
> PUBLIC KEY BLOCK-----".
> 
> [1] https://www.youtube.com/watch?v=hou0lU8WMgo

Well, it's a "key" in a block, with regular line breaks.



Re: Terminology - certificate or key ?

2016-09-30 Thread Kristian Fiskerstrand
On 09/30/2016 04:24 PM, Robert J. Hansen wrote:
>> I'd start with -----BEGIN PGP PUBLIC KEY BLOCK----- :)
> 
> You are technically correct (the best kind of correct!) [1] -- no,
> wait!  That's "key block", not "keyblock"!
> 
> I'm more technically correct!  I win!  :)
> 
> In all seriousness, the only context in which I've seen "key block"
> has been the beginning of an armored certificate, and I've literally
> never seen "keyblock", nor have I ever heard anyone call their
> certificate a "keyblock" or "key block" outside of the narrow context
> of "look for -----BEGIN PGP PUBLIC KEY BLOCK-----".
> 

I for one try to make the distinction, you'll find it back to my signing
policy document[0] (that hasn't been updated for a very long time.., but
doesn't seem like people care too much about things like this today so I
should remove it): "The signed keyblock is uploaded to a randomly chosen
set of keyservers. The signee may hint on what key server or choose to
receive it through mail instead."

References:
[0] https://sumptuouscapital.com/pgp/
-- 

Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk

Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

"If you are successful, you may win false friends and true enemies.
Succeed anyway."
(Mother Teresa)





RE: Terminology - certificate or key ?

2016-09-30 Thread Robert J. Hansen
> I'd start with -----BEGIN PGP PUBLIC KEY BLOCK----- :)

You are technically correct (the best kind of correct!) [1] -- no, wait!  
That's "key block", not "keyblock"!

I'm more technically correct!  I win!  :)

In all seriousness, the only context in which I've seen "key block" has been 
the beginning of an armored certificate, and I've literally never seen 
"keyblock", nor have I ever heard anyone call their certificate a "keyblock" or 
"key block" outside of the narrow context of "look for -----BEGIN PGP PUBLIC 
KEY BLOCK-----".

[1] https://www.youtube.com/watch?v=hou0lU8WMgo




Re: Terminology - certificate or key ?

2016-09-30 Thread Werner Koch
On Fri, 30 Sep 2016 14:46, r...@sixdemonbag.org said:

> https://www.gpg4win.org/doc/en/gpg4win-compendium_12.html

We had a long discussion many years ago on how to name the beast.  The
compendium somewhat prioritizes S/MIME and thus we tried to unify the
terms by using "certificate" also for OpenPGP.  I think that experiment
failed because it mixes two entirely different concepts.

The root of the problem might be the concept of "public key" and
"private key".  You need to educate users that these are very different
things but still belong together.  Many users only notice "key",
associate that with password, and notice the passphrase they use to
unprotect the private key.

So for example "lock" and "private key" may be better.  But we can't
change that anymore, as the train left the station a long time ago.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: Terminology - certificate or key ?

2016-09-30 Thread Kristian Fiskerstrand
On 09/30/2016 02:46 PM, Robert J. Hansen wrote:
>> In OpenPGP this is called a "keyblock".
> 
> Where can I find this usage documented?  In almost 25 years in the PGP
> community I've heard the word "key" used >95% of the time, "certificate"
> <5% of the time, and this is literally the first time I've heard the
> word "keyblock".
> 

I'd start with -----BEGIN PGP PUBLIC KEY BLOCK----- :)

-- 

Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk

Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

Ubi mel ibi apes
Where there's honey, there are bees





Re: Terminology - certificate or key ?

2016-09-30 Thread Robert J. Hansen
> In OpenPGP this is called a "keyblock".

Where can I find this usage documented?  In almost 25 years in the PGP
community I've heard the word "key" used >95% of the time, "certificate"
<5% of the time, and this is literally the first time I've heard the
word "keyblock".

Also see:

https://www.gnutls.org/manual/html_node/OpenPGP-certificates.html
https://www.gpg4win.org/doc/en/gpg4win-compendium_12.html
http://www.pgpi.org/doc/pgpintro/
https://tools.ietf.org/html/rfc6091

All of these are well-respected authorities (Gnutls, GnuPG, PGP
Corporation, and the IETF) using the certificate terminology.

I have been unable to find reputable uses of "keyblock" in a five-minute
Google search.  If this is the officially approved language, could you
please point me to where it's documented?



Re: Terminology - certificate or key ?

2016-09-30 Thread Peter Lebbing
On 29/09/16 17:17, Robert J. Hansen wrote:
> I have to admit to being extremely annoyed with the state of the language we 
> use.

IMO, TOFU has just made it even worse.

I tried to be really strict, talk about ownertrust and validity. Always trying
to keep them separate. Personally avoiding the word "trust" without the "owner-"
prefix.

Then we get Trust On First Use, which... increases or establishes validity of a
key on the first use...

Ugh.

I suppose, in this case, that's what you get when you import a term from outside
of the ecosystem. If invented here, it would be Validity On First Use.

Peter.

PS: A while ago I said "I think it might be worth it to file a bug report if you
see the word 'trust' used for validity in the official documentation that
accompanies GnuPG." Then I read the new documentation on TOFU, and mentally
tagged it WONTFIX. It's just undoable with that terminology.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



Re: Terminology - certificate or key ?

2016-09-30 Thread Werner Koch
On Thu, 29 Sep 2016 12:23, gn...@jelmail.com said:

> * A Public-Key packet starts a series of packets that forms an OpenPGP
> key (sometimes called an OpenPGP certificate).

In OpenPGP this is called a "keyblock".  The term certificate is used
only for some special things (revocation certificate).  Certificate also
has the bad connotation that a third party issues this; which is not the
case for common OpenPGP use cases

An OpenPGP keyblock is very different from an X.509 certificate.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




Re: Terminology - certificate or key ?

2016-09-30 Thread John Lane

> [1] http://www.ietf.org/mail-archive/web/openpgp/current/msg07712.html
> 
> [2] ftp://ftp.pgpi.org/pub/pgp/6.5/docs/english/IntroToCrypto.pdf
> 
Great link [1], very interesting. I think the language used hasn't
helped the uptake of this technology. The other thing mentioned in there
is trust vs validity which made my head spin more than my grandad's
Poitín! [2] is on my reading list now :)




Re: Terminology - certificate or key ?

2016-09-30 Thread John Lane
> I have to admit to being extremely annoyed with the state of the language we 
> use.  OpenPGP is hard enough to learn without having to be confused by 
> multiple names for the same algorithms, confusing usage of "certificate", 
> "key", and "Key", and every other bit of linguistic tomfoolery we seem to 
> have accumulated.

I agree wholeheartedly with this sentiment. Thanks for confirming what I
hoped was the case.




RE: Terminology - certificate or key ?

2016-09-29 Thread Robert J. Hansen
> It seems there is, according to one of the authors of RFCs 2440 and
> 4880. Apparently, at the time they were told by the IETF to avoid
> speaking of "certificates" so that OpenPGP would not seem to rivalize
> with PKIX...

For related reasons, GnuPG and PGP have different names for some of the same 
algorithms.  What GnuPG calls Elgamal, PGP calls Diffie-Hellman.  The correct 
name is Elgamal, but waybackwhen PGP had a licensing agreement with ... 
blanking on the company ... which offered them a reduction in licensing fees if 
they'd call it Diffie-Hellman instead.  PGP wanted the reduced licensing fees 
so they went along with the misnaming, and now the misnaming is so entrenched 
in the PGP community that it would be impractical for them to change the name, 
even though there's no longer a business case for calling it Diffie-Hellman.

Likewise with SHA-x.  The family of modern SHAs is called SHA-2, and specific 
hashes within SHA-2 are called SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, 
and SHA-512/256.  (GnuPG implements -224, -256, -384, and -512; it does not 
implement -512/224 or -512/256.)  GnuPG calls these hashes by their correct 
NIST nomenclature.  PGP insists on calling them "SHA-2-256", "SHA-2-512", and 
so on.

I have to admit to being extremely annoyed with the state of the language we 
use.  OpenPGP is hard enough to learn without having to be confused by multiple 
names for the same algorithms, confusing usage of "certificate", "key", and 
"Key", and every other bit of linguistic tomfoolery we seem to have accumulated.





Re: Terminology - certificate or key ?

2016-09-29 Thread Damien Goutte-Gattat

On 09/29/2016 12:23 PM, John Lane wrote:
> I was just wondering whether I've misunderstood

No, you understood well. What we commonly call an "OpenPGP public key" 
should really be called, strictly speaking, an "OpenPGP certificate". 
And "signing a key" is really "certifying" the binding between a (true) 
public key and a user ID.

> or if there is some historic reason for my confusion.


It seems there is, according to one of the authors of RFCs 2440 and 
4880. Apparently, at the time they were told by the IETF to avoid 
speaking of "certificates" so that OpenPGP would not seem to rivalize 
with PKIX [1].


Network Associates did not have this concern, and in their "Introduction 
to Cryptography" [2] they clearly talk about "PGP certificates" instead 
of "PGP public keys".


Damien


[1] http://www.ietf.org/mail-archive/web/openpgp/current/msg07712.html

[2] ftp://ftp.pgpi.org/pub/pgp/6.5/docs/english/IntroToCrypto.pdf





Re: Terminology - certificate or key ?

2016-09-29 Thread Robert J. Hansen
> I was reading the FAQ and noticed that it uses the word 'certificate' to
> describe what I think people commonly refer to as their 'key' (ref
> gnupg-faq.html section 7.4 and 7.5) that they would upload to a 'key
> server'.

"Certificate" is the correct word, but "key" has historically also been
used and has a tremendous amount of inertia behind it.

A certificate contains one or more keys as well as supporting metadata,
like user IDs, signatures, and so on.
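
[Added example, not part of any message in this thread and not GnuPG code.] The statements above that "a Public-Key packet starts a series of packets" and that a certificate "contains one or more keys as well as supporting metadata" can be seen at the packet-framing level. The sketch below reads the RFC 4880 packet headers of a binary (de-armored) sequence and lists each component with the number of signature packets that follow it. The sample bytes, the helper names and the user ID are constructed for illustration; packet bodies are placeholders and nothing is cryptographically verified.

```python
# Added example: framing-level walk of an OpenPGP packet sequence (RFC 4880, 4.2-4.3).
TAGS = {2: "Signature", 6: "Public-Key", 13: "User ID",
        14: "Public-Subkey", 17: "User Attribute"}

def _take(data, pos, n):
    """Return (n octets starting at pos, new position) or fail on truncation."""
    chunk = data[pos:pos + n]
    if len(chunk) != n:
        raise ValueError("truncated packet sequence")
    return chunk, pos + n

def read_packets(data):
    """Yield (tag, body) for every packet in a binary (de-armored) sequence."""
    pos = 0
    while pos < len(data):
        (first,), pos = _take(data, pos, 1)
        if not first & 0x80:
            raise ValueError("bit 7 of a packet header octet must be set")
        if first & 0x40:                        # new-format header
            tag = first & 0x3F
            (o1,), pos = _take(data, pos, 1)
            if o1 < 192:
                length = o1
            elif o1 < 224:
                (o2,), pos = _take(data, pos, 1)
                length = ((o1 - 192) << 8) + o2 + 192
            elif o1 == 255:
                raw, pos = _take(data, pos, 4)
                length = int.from_bytes(raw, "big")
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                                   # old-format header
            tag = (first >> 2) & 0x0F
            width = {0: 1, 1: 2, 2: 4}.get(first & 0x03)
            if width is None:
                raise ValueError("indeterminate lengths are not handled here")
            raw, pos = _take(data, pos, width)
            length = int.from_bytes(raw, "big")
        body, pos = _take(data, pos, length)
        yield tag, body

def describe(data):
    """List (component, label, number of signature packets that follow it)."""
    components = []
    for tag, body in read_packets(data):
        name = TAGS.get(tag, "tag %d" % tag)
        if not components and tag != 6:
            raise ValueError("a public keyblock starts with a Public-Key packet")
        if tag == 2:
            components[-1][2] += 1              # a signature applies to what precedes it
        elif tag == 13:
            components.append([name, body.decode("utf-8", "replace"), 0])
        elif tag in (6, 14):
            version = "version %d" % body[0] if body else "empty"
            components.append([name, version, 0])
        else:
            components.append([name, "%d octets" % len(body), 0])
    return [tuple(c) for c in components]

def old_packet(tag, body):
    """Old-format header with a one-octet length (enough for this sample)."""
    return bytes([0x80 | (tag << 2), len(body)]) + body

def new_packet(tag, body):
    """New-format header with a one- or two-octet length."""
    n = len(body)
    if n < 192:
        return bytes([0xC0 | tag, n]) + body
    n -= 192
    return bytes([0xC0 | tag, (n >> 8) + 192, n & 0xFF]) + body

# Constructed sample: bodies are placeholders, not real key material or signatures.
KEY = b"\x04" + bytes(4) + b"\x01"              # version 4, creation time 0, algorithm 1
SIG = b"\x04" + bytes(10)
SAMPLE = (old_packet(6, KEY + bytes(20))
          + new_packet(13, b"Alice Example <alice@example.org>")
          + old_packet(2, SIG) + old_packet(2, SIG)
          + new_packet(14, KEY + bytes(194))
          + old_packet(2, SIG))

if __name__ == "__main__":
    for row in describe(SAMPLE):
        print(row)
```

Whatever name is used for it, the object being exchanged is this sequence: one primary key packet followed by user IDs and subkeys, each with the signature packets that bind it.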
