-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi!
On 2014-02-22 23:42, John Clizbe wrote: > Robert J. Hansen wrote: >> Daniel Kraft wrote: >>> Ok, I see.... So you don't think that Enigmail would want to >>> add some extra functionality over GnuPG's OpenPGP stuff? > > No. > >> Although I am part of Enigmail's help team, I don't have any say >> in Enigmail's future direction -- nor do I want to have a say. >> :) > > Also a team member > >> What I will say is this: historically, Enigmail has been tightly >> focused on supporting OpenPGP via use of GnuPG. That's been one >> of our strengths over the years. As soon as we open the door and >> start supporting things that are, at present, completely >> unrelated to OpenPGP, we lose our focus. > > Indeed. There is only one feature of Enigmail that I can think of > that is not dependent on GnuPG -- Per-Recipient Rules. Everything > else relies in one way or another on GnuPG. Enigmail is a front-end > to GnuPG for Mozilla-based email platforms. That's all. To borrow > from Doug McIlroy, "Do one thing and do it Ok, I get it. If that's your goal with Enigmail, I fully understand. >>> Do you think this is an extension that could eventually be >>> accepted into OpenPGP? > > Personal opinion, no. The OpenPGP standard doesn't deal with key > storage or retrieval issues. Exactly that's also my opinion (without being an expert), and that's why I thought that a place like Enigmail would be where such additional features are best implemented. Where do you suggest to add this feature then for those who are interested in key verification via Namecoin? A custom fork of Enigmail, or some other place? You suggest that it should be done higher on the protocol ladder, but this contradicts your statement above as far as I understand it. I agree that it is a fully "complementary" feature that is not a core functionality of OpenPGP at all. That's why I also think it doesn't make sense to have it in OpenPGP itself, and why my first thought was that Enigmail is a better place to implement it than the GPG core. BTW, if we managed to get Namecoin identities (or online identities based on an implementation-agnostic abstract key-value store like Namecoin) specified by an RFC or something (even if it is not OpenPGP itself), would that help? (Not sure if it is realistic, though.) > HKP (and its most widespread implementation SKS) allowing searching > by key ID or words. Key ID may by short, long or V4 fingerprint. > Words are taken from parsing the user IDs on the key, eg, my email > address parses to three words: jpclizbe, gingerbear, and net, then > add first and last names. > > Key IDs up to the fingerprint and User ID strings. Retrieval > through GnuPG (for Enigmail's purposes). Those are what is in > place. Those are the existing limitations. Each tool depends on > standards, either RFCs or a de-facto one like HKP. Note (if my original suggestion wasn't clear with respect to this) that Namecoin is *not* about *searching* the keys (at least not mainly). It is about getting the key fingerprints via a trusted channel so that they can be verified to be correct. I'm not sure how a key server based on Namecoin could solve that problem (since you would have to trust the key server, which is again a possible point of attack for a MitM). > Have you talked to the monkeysphere folks? I think they have done > some work integrating OpenPGP with the Bitcoin specs. I haven't heard about Monkeysphere before, but from a quick glance it looks like they want to use the GPG WoT to verify things like webservers and Bitcoin addresses. This is not what Namecoin (or at least my current suggestion) is about. It is instead an *alternative* to the WoT for verifying GPG keys, not an extension of the WoT. Yours, Daniel - -- http://www.domob.eu/ OpenPGP: 901C 5216 0537 1D2A F071 5A0E 4D94 6EED 04F7 CF52 Namecoin: id/domob -> https://nameid.org/?name=domob - -- Done: Arc-Bar-Cav-Hea-Kni-Ran-Rog-Sam-Tou-Val-Wiz To go: Mon-Pri -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Icedove - http://www.enigmail.net/ iQJ8BAEBCgBmBQJTCcOjXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ5MDFDNTIxNjA1MzcxRDJBRjA3MTVBMEU0 RDk0NkVFRDA0RjdDRjUyAAoJEE2Ubu0E989SwUMP/3X5nw3IcTf1HkqvZZ4tNZ0K v1MUBPoTW5QA7F4ktA6OpHat32FRRUak963zk0fNLC6HfTHukK2wza5pb7D0d5Ki A9j8g9XUH8kHBf6VqzDQ1RJ6jlU+eXFmhttmOsAZGCU6REfNtXBds1Ov8HEYbzon 9Ui4aoXQo9LViphL9HQLMd8ZQFtwwbO2yUNfrN7BGRhyDD7mZexvS+aq5wk4loKB kmSKR8T6NncP7xjj/q5k0DQ4+sEsUXQtufQRTJBHANz0/mEsxDyH39L7qe56lDvf XVTLYNULrddYUTbaNB6F/+WuRFu4fe0F8+q184w/Jyd3EkkoyzvJEuOMdn0GhBXK WIcHuZg0bbowcsMOoRgqAVgEcUtEQlzXIMTLxVH5D00+dffPfL/lBh8EsqFWZ3LX GY3rZi2AZBWdlXlbVrJe/9IL21i/I3UF0boldhUMu3rTy//Qo1YgtITvrbo7tyvY joe5suFXNId+68mlTFW0zhC6vMhI4Yq7OXsKlLYAxgiPa8VMcss/0tRcqg2H2tUU w+8unfJouDm8T6jTBY5drfQ6CsPg7I+H5CuXKEAnz3V7B+riNAtRECT/2jtTOFAa A6d9ImuJvSTd1Oa99b7zCL8LkVA9ePU9FJoQPqhms94XkT4kbHZbMRKoWvOw9Vly /2f9FTqAy3fGjfv2Sy9+ =ZDDV -----END PGP SIGNATURE-----
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ enigmail-users mailing list [email protected] https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
