Simon Josefsson wrote:
> Let me propose that your document specify an OpenPGP attribute 'dnsName'
> that contains a UTF-8 string with a DNS domain name, and explain how
> wildcard *.example.com names should be dealt with. No ASN.1/DER
> encodings and no PKIX terminology.

Even PKIX doesn't stipulate how wildcards should be handled, and so we have multiple browsers doing multiple things.

> This would solve your use case, RFC 5081, without having OpenPGP
> implementations need to implement PKIX.

I started off down this path, but then you need at least 7 or 8 different extensions alone to deal with common subject Alt Names, DNS, O, OU, C, ST, L etc., whereas using PKIX references they maintain the table, or whoever is in charge of a particular OID subset of the tree.

--
Best regards,
Duane