Re: Please adopt http://www.ietf.org/internet-drafts/draft-groth-openpgp-attribute-extension-00.txt
Duane at e164 dot org <duane@xxxxxxxx> writes:
> Simon Josefsson wrote:
>
>> Let me propose that your document specify an OpenPGP attribute 'dnsName'
>> that contains a UTF-8 string with a DNS domain name, and explain how
>> wildcard *.example.com names should be dealt with. No ASN.1/DER
>> encodings and no PKIX terminology.
>
> Even PKIX doesn't stipulate how wildcards should be handled, and so we
> have multiple browsers doing multiple things.
RFC 2818 specifies how it should be handled for TLS, but you are most
likely correct that multiple browsers don't implement it properly.
>> This would solve your use case, RFC 5081, without having OpenPGP
>> implementations need to implement PKIX.
>
> I started off down this path, but then you need at least 7 or 8
> different extensions alone to deal with common subject Alt Names, DNS,
> O, OU, C, ST, L etc whereas using PKIX references they maintain the
> table, or whoever is in charge of a particular OID subset of the tree.
Is there a use case in OpenPGP for any other alt name than dnsName?
/Simon
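
An added example, not part of the original thread: a sketch of how the RFC 2818 section 3.1 wildcard rule mentioned above could be applied to the proposed UTF-8 'dnsName' attribute value. No such attribute is defined on this page; the function names and the choice to let '*' match an empty fragment are assumptions.

```python
import re


def _labels(name: str) -> list:
    # Drop one trailing root dot, then split into DNS labels.
    if name.endswith("."):
        name = name[:-1]
    return name.split(".")


def _label_regex(pattern_label: str) -> "re.Pattern":
    # '*' stands for any run of characters inside ONE label; the rest is literal.
    # Assumption: '*' may match an empty fragment (RFC 2818 does not say).
    literal_parts = [re.escape(part) for part in pattern_label.split("*")]
    return re.compile("[^.]*".join(literal_parts), re.IGNORECASE)


def dns_name_matches(attribute_value: bytes, hostname: str) -> bool:
    """Match a hostname against a hypothetical dnsName attribute value.

    RFC 2818 section 3.1: '*' matches a single domain name component or
    component fragment, so '*.a.com' matches 'foo.a.com' but not
    'bar.foo.a.com', and 'f*.com' matches 'foo.com' but not 'bar.com'.
    """
    try:
        # The proposal is a plain UTF-8 string; reject malformed bytes outright.
        pattern = attribute_value.decode("utf-8", errors="strict")
    except UnicodeDecodeError:
        return False

    pattern_labels = _labels(pattern)
    host_labels = _labels(hostname)

    # A wildcard never spans a dot, so both names need the same label count,
    # and empty labels ("a..com", "") are never valid.
    if len(pattern_labels) != len(host_labels):
        return False
    if "" in pattern_labels or "" in host_labels:
        return False

    # Only the attribute side is a pattern: a '*' in the hostname is literal.
    return all(
        _label_regex(p).fullmatch(h) is not None
        for p, h in zip(pattern_labels, host_labels)
    )
```
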