[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Standardisation of User ID usage for Server Purposes

While I'm happy to see that TLS usage was extended to include OpenPGP
usage, and I mean no disrespect at all, but the author did not include
any details on the structure or formatting of the User ID for server
purposes other than to include the hostname in a single User ID.

This no better than X.509 in some respects as it didn't mention anything
about allowing for multiple hostnames, how wild card hostnames should be
treated or how miscellaneous information could be presented or used.

I think it's crucial that if people want to adopt or use OpenPGP in
place of X.509 that all these things must be addressed and standardised.

Please forgive my presumptions on this topic a little, I have had a lot
more exposure to X.509 in the past and even running a public CA so I
have a little bit of experience when it comes to the kind of things
people want included in certificates, or at least what they've come to
expect already.

To give you a little bit of background where I'm coming from
specifically here, I am already trying to submit a draft through the
DNSEXT working group to incorporate encryption of DNS servers, not just
authentication and originally I had written up a single draft that
covered both the topic of DNS encryption and using OpenPGP keys for servers.

I have since split this draft into two separate drafts and would love
nothing more then to get some comments, suggestions, feedbacks, anything
on my proposal, or even if I could get it adopted by this working group.

Since splitting my draft it's too rough to be presentable just yet in a
normal internet draft form, however that shouldn't take more than a few
days, until then the rough outline is viewable here:



Best regards,