
Re: Critical bits and notations



On Fri, May 20, 2005 at 09:45:17AM +0100, Ben Laurie wrote:
> 
> Werner Koch wrote:
> >On Thu, 19 May 2005 21:43:34 +0100, Ben Laurie said:
> >
> >
> >>This whole discussion scares me. You have an extension mechanism with
> >>no registry for extensions.
> >
> >
> >We do have a way to register extensions ([5.2.3.16. Notation Data]):
> >
> >   The IETF name space is registered with IANA. These names MUST NOT
> >   contain the "@" character (0x40) as this is a tag for the user name
> >   space.
> >
> >   Names in the user name space consist of a UTF-8 string tag followed
> >   by "@" followed by a DNS domain name. Note that the tag MUST NOT
> >   contain an "@" character. For example, the "sample" tag used by
> >   Example Corporation could be "sample@xxxxxxxxxxx".
> >
> >   Names in a user space are owned and controlled by the owners of that
> >   domain. Obviously, it's of bad form to create a new name in a DNS
> >   space that you don't own.
> >
> >Where do you see the problem?
> 
> Doh! The problem lies between my chair and keyboard. Sorry.
> 
> A passing comment, though - if you want domain names to be a safe 
> extension mechanism, you should include a date, since they can change 
> hands (without consent of the current owner, even).

It's also worth noting that the naming rules are often ignored in
practice.  A year or two ago, I pulled a keyring from one of the
keyservers and enumerated the notation names.  I'd have to dig up my
notes from then, but I seem to recall that around 85-90% of them were
the string "COMMENT".

(Since then, GnuPG has refused to create notation names without an '@'
in them.)

David
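The two name spaces quoted above (IETF names without "@", user names of the form tag@domain) and the "COMMENT" survey described in this message can be made concrete with a small parser and classifier for the Notation Data subpacket. This is an added example, not code from the original thread or from GnuPG; the wire layout (4 flag octets, 2-octet name length, 2-octet value length, then name and value, first flag octet 0x80 = human-readable) follows section 5.2.3.16, while the DNS label check, the non-empty-tag requirement and the sample names are assumptions made here. It does not consult the IANA registry, so a syntactically IETF-space name like "COMMENT" is reported as "ietf" whether or not it was ever registered.

```python
import re
import struct
from collections import Counter

# Notation Data subpacket body (section 5.2.3.16): 4 octets of flags,
# 2 octets of name length, 2 octets of value length, name, value.
# Bit 0x80 of the first flag octet marks a human-readable value.
HUMAN_READABLE = 0x80000000

# Assumed DNS label rule (letters, digits, hyphen; no leading/trailing
# hyphen; at most 63 octets).  Not specified by the RFC text quoted above.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def _valid_domain(domain):
    """Assumed syntactic check for the domain part of a user-space name."""
    if not domain or len(domain) > 253:
        return False
    return all(_LABEL.match(label) for label in domain.split("."))


def classify_notation_name(name):
    """Return 'ietf', 'user' or 'invalid' for a notation name.

    IETF space: no '@' at all (registered with IANA; registry not checked).
    User space: tag '@' domain, where the tag MUST NOT contain '@', so a
    name with more than one '@' is invalid.  Empty tags are rejected here
    by assumption.
    """
    if "@" not in name:
        return "ietf"
    if name.count("@") != 1:
        return "invalid"
    tag, _, domain = name.partition("@")
    if not tag or not _valid_domain(domain):
        return "invalid"
    return "user"


def accepted_by_gnupg_rule(name):
    """Model of the behaviour described above: names without '@' are refused.

    Assumed simplification of GnuPG's check; it only requires a well-formed
    user-space name, not registry membership.
    """
    return classify_notation_name(name) == "user"


def build_notation_subpacket(name, value, human_readable=True):
    """Serialise one Notation Data subpacket body (type 20 subpacket)."""
    name_bytes = name.encode("utf-8")  # names are UTF-8 per the RFC
    flags = HUMAN_READABLE if human_readable else 0
    return struct.pack(">IHH", flags, len(name_bytes), len(value)) + name_bytes + value


def parse_notation_subpacket(body):
    """Parse one Notation Data subpacket body into (flags, name, value).

    Length fields are checked against the actual body length so a
    truncated or over-long subpacket raises instead of silently
    mis-splitting name and value.
    """
    if len(body) < 8:
        raise ValueError("notation subpacket shorter than its fixed header")
    flags, name_len, value_len = struct.unpack(">IHH", body[:8])
    if len(body) != 8 + name_len + value_len:
        raise ValueError("notation length fields do not match body length")
    name = body[8:8 + name_len].decode("utf-8")  # UnicodeDecodeError is a ValueError
    value = body[8 + name_len:]
    return flags, name, value


def summarise(bodies):
    """Tally (name space, name) over many subpacket bodies.

    This is the kind of enumeration described in the message above, run
    over bytes instead of a keyserver dump.
    """
    counts = Counter()
    for body in bodies:
        _, name, _ = parse_notation_subpacket(body)
        counts[(classify_notation_name(name), name)] += 1
    return counts


if __name__ == "__main__":
    # Constructed sample: three unregistered IETF-space names and one
    # well-formed user-space name, plus two malformed names for comparison.
    sample = [build_notation_subpacket("COMMENT", b"hello")] * 3
    sample.append(build_notation_subpacket("sample@example.com", b"1"))
    for (space, name), n in sorted(summarise(sample).items()):
        print(f"{space:8} {name:25} x{n}")
    for bad in ("a@b@example.com", "sample@-bad.example"):
        print(bad, "->", classify_notation_name(bad))
```

Run it and the tally separates the "COMMENT" entries (IETF space, unregistered) from the single user-space name; the two malformed names are reported as invalid, and a body whose length fields disagree with its size is rejected at parse time rather than being split at a wrong offset.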