
Re: Standardisation of User ID usage for Server Purposes

David Shaw wrote:

> OpenPGP is not an email-only protocol.  Inevitably, such a key would
> leak from the "server" realm to the "everything else" realm.

X.509 prevented this with usage extensions in the certificates stating
what a key should and shouldn't be allowed to do, and also preventing it
from being used for some purposes.

However, I most certainly am not suggesting or implying in any way, shape
or form that things go down that path with OpenPGP.

Protecting people from themselves has been detrimental and possibly
limited innovation and thinking on the topic because everyone seems to
think the same way when it comes to implementing X.509.

> No.  You can define anything you like, in any form you like.
> Basically, think of it as being given a chunk of bytes attached to an
> OpenPGP key.  You can put anything you want in there, in any format
> you want, to be parsed however you want.  You completely own the
> format.  OpenPGP then guarantees that your bytes cannot be tampered
> with, using the same protection that it uses for regular user ID
> strings.

This is why I posted to this list, because I didn't know if I was doing
things in the best way or not, and I appreciate your pointing out things I
didn't consider.

I'll rewrite the draft, if someone hasn't already, to incorporate these
new ideas.

Best regards,
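The quoted description above (a "chunk of bytes attached to an OpenPGP key", in a format the defining party owns, protected by the same self-signature as a user ID) maps to the User Attribute packet of RFC 4880, section 5.12. The following is an added example, not code from anyone in this thread: a dependency-free encoder and parser for the subpacket structure of that packet, plus the octets a V4 certification signature hashes to bind the attribute to the key (RFC 4880, section 5.2.4), which is what makes the bytes tamper-evident. The subpacket type 100 and the `purpose=...` payload are constructed for illustration; RFC 4880 reserves types 100 through 110 as private or experimental, and nothing here defines a real server-purpose format.

```python
"""
OpenPGP User Attribute packet (tag 17, RFC 4880 section 5.12) helpers.

The packet body is a sequence of subpackets; each subpacket is a length in
the signature-subpacket length encoding (RFC 4880 section 5.2.3.1), one
type octet, and opaque data.  Type 1 is the image attribute; types 100-110
are private/experimental.  The certification signature that binds the
attribute to a key hashes 0xD1, a four-octet length and the packet body
(RFC 4880 section 5.2.4), so any change to the bytes breaks the signature.
"""
import hashlib

USER_ATTRIBUTE_TAG = 17
# Assumed for this example: a private/experimental subpacket type carrying a
# hypothetical "server purpose" string.  Not a registered OpenPGP type.
EXPERIMENTAL_SERVER_PURPOSE = 100


def encode_subpacket_length(n):
    """Signature-subpacket length encoding: 1, 2 or 5 octets."""
    if n < 192:
        return bytes([n])
    if n < 16320:  # largest value the two-octet form can express is 16319
        n -= 192
        return bytes([192 + (n >> 8), n & 0xFF])
    return b"\xff" + n.to_bytes(4, "big")


def decode_subpacket_length(data, off):
    """Return (length, offset just past the length field)."""
    first = data[off]
    if first < 192:
        return first, off + 1
    if first < 255:
        return ((first - 192) << 8) + data[off + 1] + 192, off + 2
    return int.from_bytes(data[off + 1:off + 5], "big"), off + 5


def build_user_attribute(subpackets):
    """Serialise [(type, payload), ...] into a user attribute packet body."""
    body = b""
    for typ, payload in subpackets:
        # The length covers the type octet plus the payload.
        body += encode_subpacket_length(1 + len(payload)) + bytes([typ]) + payload
    return body


def parse_user_attribute(body):
    """Split a user attribute body into [(type, payload), ...]; reject truncation."""
    out, off = [], 0
    while off < len(body):
        length, off = decode_subpacket_length(body, off)
        if length < 1 or off + length > len(body):
            raise ValueError("truncated or malformed user attribute subpacket")
        out.append((body[off], body[off + 1:off + length]))
        off += length
    return out


def certification_hash_input(body):
    """Octets hashed for a V4 certification over a user attribute (before the
    key material and signature trailer): 0xD1, 4-octet length, body."""
    return b"\xd1" + len(body).to_bytes(4, "big") + body


def attribute_digest(body):
    """SHA-256 over the attribute's hash input; changes if any byte moves."""
    return hashlib.sha256(certification_hash_input(body)).hexdigest()


if __name__ == "__main__":
    # Constructed sample: one experimental subpacket naming a server purpose.
    attr = build_user_attribute(
        [(EXPERIMENTAL_SERVER_PURPOSE, b"purpose=imap;host=mail.example.org")])
    print(parse_user_attribute(attr))
    print(attribute_digest(attr))
    # Flipping one payload byte yields a different digest, so the original
    # self-signature would no longer verify over the altered attribute.
    tampered = attr[:-1] + bytes([attr[-1] ^ 0x01])
    print(attribute_digest(attr) != attribute_digest(tampered))
```

Only the hashed prefix is shown; a real binding signature also hashes the primary key and the signature's own hashed fields, so this illustrates where the attribute bytes enter the hash rather than producing a verifiable signature.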