[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Standardisation of User ID usage for Server Purposes

On Sat, Jul 26, 2008 at 01:14:02AM +1000, Duane wrote:
> David Shaw wrote:
> > Allow me to suggest that overloading the user ID field in such a
> > drastic manner may not be the best way to go here.  If you make it too
> > machine parsable, then it's not very human readable, and vice versa.
> > The user ID field has been a RFC-(2)822 for more or less forever, and
> > a key (even a key intended for special non-common purposes) that
> > doesn't have such a user ID will cause confusion.
> If used for server purposes I doubt it will cause confusion, and such
> keys should not be used for email.

OpenPGP is not an email-only protocol.  Inevitably, such a key would
leak from the "server" realm to the "everything else" realm.

> > Instead, however, I recommend you define a new User Attribute type.
> > This is a user ID alternative that is part of the OpenPGP spec but is
> > not restricted to text, or indeed, any particular format.  Up til now
> > the only defined user attribute has been "image" (used to attach a
> > picture to a key), but if you define a "TLS" or "server" type, you can
> > have exactly the semantics you desire without interfering with the
> > regular user ID.
> Is there any problem with defining several types, ie town/city,
> state/province, country etc?

No.  You can define anything you like, in any form you like.
Basically, think of it as being given a chunk of bytes attached to an
OpenPGP key.  You can put anything you want in there, in any format
you want, to be parsed however you want.  You completely own the
format.  OpenPGP then guarantees that your bytes cannot be tampered
with, using the same protection that it uses for regular user ID