
Re: Standardisation of User ID usage for Server Purposes



On Fri, Jul 25, 2008 at 10:17:26PM +1000, Duane wrote:
> 
> 
> While I'm happy to see that TLS usage was extended to include OpenPGP
> usage, and I mean no disrespect at all, but the author did not include
> any details on the structure or formatting of the User ID for server
> purposes other than to include the hostname in a single User ID.
> 
> This is no better than X.509 in some respects as it didn't mention anything
> about allowing for multiple hostnames, how wild card hostnames should be
> treated or how miscellaneous information could be presented or used.
> 
> I think it's crucial that if people want to adopt or use OpenPGP in
> place of X.509 that all these things must be addressed and standardised.

Allow me to suggest that overloading the user ID field in such a
drastic manner may not be the best way to go here.  If you make it too
machine parsable, then it's not very human readable, and vice versa.
The user ID field has been an RFC-(2)822 for more or less forever, and
a key (even a key intended for special non-common purposes) that
doesn't have such a user ID will cause confusion.

Instead, however, I recommend you define a new User Attribute type.
This is a user ID alternative that is part of the OpenPGP spec but is
not restricted to text, or indeed, any particular format.  Up till now
the only defined user attribute has been "image" (used to attach a
picture to a key), but if you define a "TLS" or "server" type, you can
have exactly the semantics you desire without interfering with the
regular user ID.

David
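As an added illustration of the suggestion above (example code, not from the thread or any OpenPGP implementation): a minimal Python builder and parser for an OpenPGP User Attribute packet (RFC 4880 tag 17), whose body is a series of subpackets rather than a text string. The subpacket type 100 and the newline-separated hostname payload are assumptions made for this example; RFC 4880 only defines type 1 (image) and reserves 100..110 for private or experimental use.

```python
import struct

TAG_USER_ATTRIBUTE = 17   # RFC 4880 section 5.12
SUBPKT_IMAGE = 1          # the only subpacket type RFC 4880 defines
SUBPKT_SERVER = 100       # assumption: 100..110 are private/experimental types

def _encode_len(n, two_octet_max):
    """Variable-length octet count used for packet bodies and subpackets."""
    if n < 192:
        return bytes([n])
    if n <= two_octet_max:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)

def _decode_len(buf, pos):
    """Returns (length, index of the first octet after the length field)."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < 255:
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5

def build_user_attribute(subpackets):
    """subpackets: list of (type, data); each is encoded as length || type || data."""
    body = b"".join(_encode_len(len(d) + 1, 16319) + bytes([t]) + d for t, d in subpackets)
    # New-format header (RFC 4880 4.2.2): 0xC0 | tag, then the body length.
    return bytes([0xC0 | TAG_USER_ATTRIBUTE]) + _encode_len(len(body), 8383) + body

def parse_user_attribute(pkt):
    """Returns [(type, data), ...]; rejects anything that is not a well-formed tag 17 packet."""
    if (pkt[0] & 0xC0) != 0xC0 or (pkt[0] & 0x3F) != TAG_USER_ATTRIBUTE:
        raise ValueError("not a new-format User Attribute packet")
    body_len, pos = _decode_len(pkt, 1)
    end = pos + body_len
    if end != len(pkt):
        raise ValueError("declared body length does not match the packet")
    out = []
    while pos < end:
        sub_len, pos = _decode_len(pkt, pos)
        if sub_len < 1 or pos + sub_len > end:
            raise ValueError("truncated subpacket")
        out.append((pkt[pos], pkt[pos + 1:pos + sub_len]))
        pos += sub_len
    return out

def server_names_subpacket(hostnames):
    """Constructed payload: newline-separated UTF-8 hostnames (an assumption, not a standard)."""
    return (SUBPKT_SERVER, "\n".join(hostnames).encode("utf-8"))
```

The parser deliberately checks the declared lengths against the buffer, since a User Attribute packet arrives from untrusted keyservers and a length that overruns the packet is the first thing a robust reader must reject.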