[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Please adopt http://www.ietf.org/internet-drafts/draft-groth-openpgp-attribute-extension-00.txt
Duane at e164 dot org <duane@xxxxxxxx> writes:
> Simon Josefsson wrote:
>> Let me propose that your document specify an OpenPGP attribute 'dnsName'
>> that contains a UTF-8 string with a DNS domain name, and explain how
>> wildcard *.example.com names should be dealt with. No ASN.1/DER
>> encodings and no PKIX terminology.
> Even PKIX doesn't stipulate how wildcards should be handled, and so we
> have multiple browsers doing multiple things.
RFC 2818 specify how it should be handled for TLS, but you are most
likely correct that multiple browsers doesn't implement it properly.
>> This would solve your use case, RFC 5081, without having OpenPGP
>> implementations need to implement PKIX.
> I started off down this path, but then you need at least 7 or 8
> different extensions alone to deal with common subject Alt Names, DNS,
> O, OU, C, ST, L etc where as using PKIX references they maintain the
> table, or who ever is in charge of a particular OID subset of the tree.
Is there a use case in OpenPGP for any other alt name than dnsName?