Using domain as alternative to PGP #1
This morning a topic popped up in the Matrix channel. I volunteered to summarise it here but struggle a little with getting the summary right. Bear with me. I'm not tagging or listing names here because I'm not sure whether the respective people would consent.
Someone compared Keyoxide to „link tree but with pgp encryption to verify users”.
It was pointed out that PGP is not used for encryption but rather to act as the „id”.
The next question was about whether the e-mail address had to be public.
At this point we had an interesting discussion.
Offer alternative means to act as an ID without leaking sensitive information.
Now my idea was to encourage to hold a domain of one's own and use the domain as an ID holder. I believe the technical term is claims.
Those claims are often added as Ariadne URL to the notation part of a PGP key in the current shape of Keyoxide's documentation. The main driver for this is to utilise OpenPGP's API.
There's an option issue at https://gitlab.com/keys.openpgp.org/hagrid/-/issues/180 about an e-mail less key support.
My line of thinking was to encourage WKDs (short for .well-known directories).
If someone holds a domain adding a file to a specific path should be possible. If the content of the file is well-defined, well it could act as a pendant to the notation part.
Since we are talking about claims here, I figured whether JWT (Json Web Token) could be used. Those hold claims as well. I haven't thought about the specifics yet.
You see, I have discovered IndieWeb before I learned about Keyoxide. They are encouraging rel="me" links to bidirectional link together profiles. Since a website is usually open on the Internet anyway, it wouldn't give away additional information.
I feel like domains are easier to understand by people. But they should be aware that it's not „as secure” as using Public Key Infrastructure.
I'd like both to see next to each other.
Now there were concerns raised with this proposal that are worth noting as well:
- A domain has to be paid for
- A registrar can strip the domain holder from it
- A domain could be compromised
- Not everyone has a domain (there could be subdomains or paths, e.g. ~user in academia) - this one was not part of the Matrix conversation
Valid concerns. PGP keys could be comprised as well (for example by accident. Look at how many secrets got leaked in git repositories).
It was brought up that for proofs it is better to use DNS records. I'm in favour of that since it's one of the challenge types by Let's Encrypt and I trust their expertise here. So this could proof the ownership (I was more concerned about the claims).
A few months have past but the idea is still stuck in my mind and I think this is something that should exist.
The concerns need be addressed but some of them (like the paid-for aspect), I think, boil down to choice. People who don't have a domain may have to use the "standard" cryptography route. But if one does have a domain, why not use it?
Right now, I'm busy with the ASP stuff but I'll come back to this issue soon.
Deleting a branch is permanent. Although the deleted branch may exist for a short time before cleaning up, in most cases it CANNOT be undone. Continue?