[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Please adopt http://www.ietf.org/internet-drafts/draft-groth-openpgp-attribute-extension-00.txt
Duane at e164 dot org wrote:
> Simon Josefsson wrote:
>> Florian Weimer <fw@xxxxxxxxxxxxx> writes:
>>> * Duane at:
>>>> Server uses of which TLS is going to be the biggest use case is the main
>>>> objective at present, most server certificates in the X.509 world have a
>>>> lot more than just dnsName, such as company name, maybe a contact, the
>>>> country, state/territory/province, town/suburb and so on and so forth.
>>> This data is not mechanically processed (at least not in a way which is
>>> consistent across implementations), so you can put it into notation data
>> Right, however, the TLS server name needs to be mechanically processed,
>> so it needs a different mechanism -- such as a new OpenPGP extension
>> that contains a single UTF-8 string intended for identification of
>> TLS+OpenPGP servers.
> The other information needs to be verified in a similar manner as well,
> otherwise the information is much less useful.
> Also a single website can have multiple hostnames.
If all the information submitted needs verifying before being signed by
others is notation data sub packets the most suitable way to do this?