Re: Critical bits and notations
On Fri, May 20, 2005 at 09:45:17AM +0100, Ben Laurie wrote:
>
> Werner Koch wrote:
> >On Thu, 19 May 2005 21:43:34 +0100, Ben Laurie said:
> >
> >
> >>This whole discussion scares me. You have an extension mechanism with
> >>no registry for extensions.
> >
> >
> >We do have a way to register extensions ([5.2.3.16. Notation Data]):
> >
> > The IETF name space is registered with IANA. These names MUST NOT
> > contain the "@" character (0x40) is this is a tag for the user name
> > space.
> >
> > Names in the user name space consist of a UTF-8 string tag followed
> > by "@" followed by a DNS domain name. Note that the tag MUST NOT
> > contain an "@" character. For example, the "sample" tag used by
> > Example Corporation could be "sample@xxxxxxxxxxx".
> >
> > Names in a user space are owned and controlled by the owners of that
> > domain. Obviously, it's of bad form to create a new name in a DNS
> > space that you don't own.
> >
> >Where do you see the problem?
>
> Doh! The problem lies between my chair and keyboard. Sorry.
>
> A passing comment, though - if you want domain names to be a safe
> extension mechanism, you should include a date, since they can change
> hands (without consent of the current owner, even).

It's also worth noting that the naming rules are often ignored in
practice. A year or two ago, I pulled a keyring from one of the
keyservers and enumerated the notation names. I'd have to dig up my
notes from then, but I seem to recall that around 85-90% of them were
the string "COMMENT".

(Since then, GnuPG has refused to create notation names without a '@'
in them).

David
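
An added example, not part of the original message and not GnuPG's code: a small classifier that applies the naming rules quoted above to a list of notation names, the kind of tally a keyring survey would produce. The class labels, the empty registry set and the sample names are assumptions made for illustration; domains are expected in ASCII form.

```python
import re
from collections import Counter

# One DNS label: letters, digits, hyphens; 1-63 chars; no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Assumption: the caller supplies the IANA-registered IETF-namespace names.
# Left empty here, so every name without "@" is reported as unregistered.
REGISTERED_IETF_NAMES = frozenset()


def classify_notation_name(name, registered=REGISTERED_IETF_NAMES):
    """Return 'user', 'ietf', 'unregistered' or 'malformed' for a notation name."""
    if "@" not in name:
        # Names without "@" belong to the IETF name space.
        return "ietf" if name in registered else "unregistered"
    tag, _, domain = name.partition("@")
    # The tag MUST NOT contain "@", so the name may hold exactly one "@".
    if not tag or "@" in domain:
        return "malformed"
    labels = domain.split(".")
    if len(domain) > 253 or not all(_LABEL.fullmatch(l) for l in labels):
        return "malformed"
    return "user"


def survey(names):
    """Count notation names per class across an enumerated keyring."""
    return Counter(classify_notation_name(n) for n in names)


# Constructed sample input, not real keyserver data.
SAMPLE_NAMES = [
    "COMMENT", "COMMENT", "COMMENT",
    "sample@example.com",
    "policy@example.org",
    "a@b@example.com",      # second "@" is not allowed
    "@example.com",         # empty tag
    "tag@-bad-.example",    # invalid DNS label
]

if __name__ == "__main__":
    for cls, count in survey(SAMPLE_NAMES).most_common():
        print(f"{cls:13} {count}")
```

A name classed as "user" is only syntactically valid; the check says nothing about who controls the domain or when they controlled it.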