From 87dd27f2768e1da3bc04d169335b0053bcc25816 Mon Sep 17 00:00:00 2001 From: "Tammi L. Coles" Date: Fri, 16 Feb 2024 12:06:23 +0100 Subject: [PATCH] edit unbound user ids section and move into challenges section --- book/source/adv/certificates.md | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/book/source/adv/certificates.md b/book/source/adv/certificates.md index dbeba67..7e8dbb1 100644 --- a/book/source/adv/certificates.md +++ b/book/source/adv/certificates.md 
@@ -281,16 +281,6 @@ Once the expiration time is reached, third parties, or ideally their OpenPGP sof After the update, the updated copy of the certificate will usually have a fresh expiration time. The same procedure will repeat once that new expiration time has been reached. -(unbound-user-ids)= -## Adding unbound, local User IDs to a certificate - -Some OpenPGP software may add User IDs to a certificate, which are not bound to the primary key by the certificate's owner. This can be useful to store local identity information (e.g., Sequoia's public store attaches ["pet-names"][PET] to certificates, in this way). - -[PET]: https://sequoia-pgp.org/blog/2023/04/08/sequoia-sq/#an-address-book-style-trust-model - -Sequoia additionally certifies these "local, third party, User IDs" with a local trust anchor to facilitate local authentication decisions. -To prevent accidental publication of these local User IDs (e.g. to public keyservers), Sequoia marks these binding signatures as "local" artifacts using [Exportable Certification](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-exportable-certification) subpackets to mark them as non-exportable. - ## Challenges in certificate management The management of OpenPGP certificates encompasses various challenges, ranging from security vulnerabilities to privacy concerns. This section addresses some of the most significant challenges and the responses developed by the OpenPGP community to mitigate these issues. 
@@ -322,4 +312,11 @@ The OpenPGP Web of Trust, built on third-party certifications, allows OpenPGP so However, this model inadvertently risks exposing users' social graphs, revealing who trusts whom and potentially sensitive interaction patterns based on certification patterns and signature timestamps. Such metadata leaks can have significant privacy implications, allowing for the reconstruction of a network of relationships from publicly available certification data. This information could be exploited for surveillance or other malicious purposes. -Efforts to mitigate this include selective certification sharing, anonymizing aspects of certifications, and refining certificate distribution mechanisms to offer more control over shared data. These efforts underscore the OpenPGP community's commitment to finding a balance between maintaining a robust, decentralized Web of Trust and safeguarding user privacy. Ongoing discussions and developments aim to enhance privacy-aware practices within the OpenPGP standards, highlighting the importance of addressing social graph metadata leaks proactively. \ No newline at end of file +Efforts to mitigate this include selective certification sharing, anonymizing aspects of certifications, and refining certificate distribution mechanisms to offer more control over shared data. These efforts underscore the OpenPGP community's commitment to finding a balance between maintaining a robust, decentralized Web of Trust and safeguarding user privacy. Ongoing discussions and developments aim to enhance privacy-aware practices within the OpenPGP standards, highlighting the importance of addressing social graph metadata leaks proactively. + +(unbound-user-ids)= +### Adding unbound, local User IDs to a certificate + +OpenPGP allows for the addition of unbound, local user IDs to certificates, enhancing personalization and operational flexibility. These IDs, not globally verified, can attach context-specific aliases or metadata. 
However, this flexibility introduces challenges related to certificate validity, trust, and potential misuse. + +The OpenPGP community, including implementations like [Sequoia PGP](https://sequoia-pgp.org/blog/2023/04/08/sequoia-sq/#an-address-book-style-trust-model), advocates for responsible management of local user IDs and their integration. Sequoia certifies these IDs with local trust anchors and marks these binding signatures as "local" artifacts using [Exportable Certification](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-exportable-certification) subpackets to prevent unintended distribution (e.g., to public keyservers), balancing personalization with security and privacy. \ No newline at end of file
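Review bot: In the first hunk, removing the `[PET]: https://sequoia-pgp.org/...` reference-style link definition along with the section will leave any remaining `[PET]` reference elsewhere in `certificates.md` dangling, so grep the file for `[PET]` before merging; the replacement text in the second hunk inlines the same URL, so the definition is only safe to drop if nothing else uses it. The deleted paragraph also carried the most precise statement of what these User IDs are ("not bound to the primary key by the certificate's owner") and the concrete "pet-names" example; consider carrying both over into the moved section rather than losing them, since they are what distinguishes a local User ID from an ordinary self-bound one.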
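Review bot: In the second hunk, "OpenPGP allows for the addition of unbound, local user IDs to certificates" attributes the behaviour to the standard, whereas the text being replaced correctly said "Some OpenPGP software may add User IDs ... which are not bound to the primary key by the certificate's owner"; suggest keeping the implementation-level framing, e.g. "Some OpenPGP implementations attach local User IDs to a certificate that are not bound to the primary key by the certificate's owner." The description of the Exportable Certification subpacket also became less precise: the old wording "to mark them as non-exportable" names the actual mechanism (the subpacket is set to non-exportable), while the new "using Exportable Certification subpackets to prevent unintended distribution" omits how, so restore "with the Exportable Certification subpacket set to non-exportable". Finally, "challenges related to certificate validity, trust, and potential misuse" names no concrete challenge; since the section now sits under "Challenges in certificate management", state the specific risk the rest of the paragraph addresses, namely accidental publication of local identity data (e.g. to keyservers), and keep the capitalisation consistent with the rest of the file ("User IDs", not "user IDs").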