ietf-openpgp

Please review OpenPGP part of RFC 2538bis

2004-11-06 11:48:32

All,

RFC 2538 is being revised to improve the details regarding OpenPGP
certificates, to promote interoperability.  The point of the document
is to store OpenPGP certificates and revocation information in DNS.  I
would appreciate it if people here would look at the proposed update to
see if it references RFC 2440 properly.  The document is available
from:

http://www.ietf.org/internet-drafts/draft-josefsson-rfc2538bis-00.txt

In particular, the part that describes what goes into the data portion
of OpenPGP CERT RRs now reads:

   The PGP type indicates an OpenPGP data packet.  Two uses are to
   transfer public key material and revocation signatures.  The data is
   binary, and MUST NOT be encoded into an ASCII armor.  Public keys can
   use the OpenPGP public key packet (tag 6) or public subkey packet
   (tag 14), as described in section 5.5 of [5].  Revocation signatures
   can use an OpenPGP signature packet with a revocation signature type,
   i.e., signature type 0x20, 0x28 or 0x30, as described in section 5.2
   of [5].

Is this correct?  Would it be useful to mention other kinds of OpenPGP
data packets directly, as well?

The owner name guidelines part of the document has been extended with
the following text.  Reviewing this requires some familiarity with DNS.

   Applications that receive an OpenPGP packet but do not know the email
   address of the sender will have difficulties guessing the correct
   owner name.  However, the OpenPGP packet typically contains the Key ID
   of the key.  Such applications can derive the owner name from the Key
   ID using a Base 16 encoding [8].  For example:

      $ORIGIN example.org.
      F835EDA21E94B565716F    IN CERT PGP ...
      B565716F                IN CNAME F835EDA21E94B565716F

   Again, if the same key material is stored at several owner names,
   CNAME can be used to avoid data duplication.

Further, if someone has additional thoughts on the document, now would
be a good time to discuss them.

If someone is interested in reviewing the differences in 2538bis
compared to 2538, there are some additional resources available from:

http://josefsson.org/rfc2538bis/

Since this work is not part of the OpenPGP WG charter, it is
presumably safest to reply to me off-list.  If you feel an on-list
discussion can be tolerated, that could prove useful.

Thanks,
Simon
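The two quoted passages above describe (a) what the binary data portion of a CERT PGP RR may contain and (b) how a resolver-side application can derive the owner name from the Key ID. The following script, added here as an example and not code from Simon's message or from the draft, checks an RR payload against those constraints (no ASCII armor, packet tag 6 or 14 for keys, a signature packet with type 0x20, 0x28 or 0x30 for revocations) and derives the Base 16 owner name. It assumes the RFC 2440 packet header and v4 fingerprint definitions, computes the full 64-bit Key ID for the owner name and the 32-bit short Key ID for the CNAME, and builds its own constructed toy-sized key packet as input; the function names and the `example.org.` origin are illustrative.

```python
"""Check CERT PGP RR data and derive a Key-ID-based owner name (added example)."""
import hashlib
import struct

PUBLIC_KEY, PUBLIC_SUBKEY, SIGNATURE = 6, 14, 2          # RFC 2440 packet tags
REVOCATION_SIG_TYPES = {0x20, 0x28, 0x30}                # key, subkey, certification


def parse_packet_header(data: bytes):
    """Return (tag, body_offset, body_length) for an old- or new-format header
    (RFC 2440 section 4.2).  Partial/indeterminate lengths are rejected."""
    if not data or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet (bit 7 of first octet clear)")
    first = data[0]
    if first & 0x40:                                     # new format
        tag, octet = first & 0x3F, data[1]
        if octet < 192:
            return tag, 2, octet
        if octet < 224:
            return tag, 3, ((octet - 192) << 8) + data[2] + 192
        if octet == 255:
            return tag, 6, struct.unpack(">I", data[2:6])[0]
        raise ValueError("partial body lengths are not supported")
    tag, length_type = (first >> 2) & 0x0F, first & 0x03  # old format
    if length_type == 0:
        return tag, 2, data[1]
    if length_type == 1:
        return tag, 3, struct.unpack(">H", data[1:3])[0]
    if length_type == 2:
        return tag, 5, struct.unpack(">I", data[1:5])[0]
    raise ValueError("indeterminate length is not usable in a CERT RR")


def classify_cert_pgp_data(data: bytes) -> str:
    """Return 'public-key', 'public-subkey' or 'revocation-signature', else raise."""
    if data.startswith(b"-----BEGIN PGP"):
        raise ValueError("CERT PGP data MUST NOT be ASCII armored")
    tag, off, length = parse_packet_header(data)
    body = data[off:off + length]
    if len(body) != length:
        raise ValueError("truncated packet body")
    if tag == PUBLIC_KEY:
        return "public-key"
    if tag == PUBLIC_SUBKEY:
        return "public-subkey"
    if tag == SIGNATURE:
        # v3 signatures carry a length octet before the type; v4 do not
        sig_type = body[2] if body[0] == 3 else body[1]
        if sig_type in REVOCATION_SIG_TYPES:
            return "revocation-signature"
        raise ValueError(f"signature type 0x{sig_type:02X} is not a revocation")
    raise ValueError(f"packet tag {tag} is not allowed in a CERT PGP RR")


def is_valid_cert_pgp_data(data: bytes) -> bool:
    try:
        classify_cert_pgp_data(data)
        return True
    except (ValueError, IndexError):
        return False


def v4_key_id(data: bytes) -> bytes:
    """Low 64 bits of the SHA-1 fingerprint over 0x99 || 2-octet length || body
    (RFC 2440 section 11.2) of a v4 public key or subkey packet."""
    tag, off, length = parse_packet_header(data)
    body = data[off:off + length]
    if tag not in (PUBLIC_KEY, PUBLIC_SUBKEY) or body[0] != 4:
        raise ValueError("not a v4 public key packet")
    return hashlib.sha1(b"\x99" + struct.pack(">H", length) + body).digest()[-8:]


def owner_name(data: bytes, origin: str = "example.org.") -> str:
    """Owner name: Base 16 encoding of the Key ID under the zone origin."""
    return v4_key_id(data).hex().upper() + "." + origin


def short_key_id_cname(data: bytes, origin: str = "example.org.") -> str:
    """CNAME record line from the 32-bit short Key ID to the full owner name."""
    short = v4_key_id(data)[-4:].hex().upper()
    return f"{short}.{origin} IN CNAME {owner_name(data, origin)}"


def build_v4_rsa_key_packet(n: int, e: int, created: int = 0, tag: int = PUBLIC_KEY) -> bytes:
    """Constructed sample input: an old-format key packet carrying a toy RSA key."""
    def mpi(x: int) -> bytes:
        return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")
    body = bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", len(body)) + body


def build_v4_signature_stub(sig_type: int = 0x20) -> bytes:
    """Constructed sample input: new-format tag 2 packet with only the v4 header fields."""
    body = bytes([4, sig_type, 1, 2]) + b"\x00" * 10
    return bytes([0xC0 | SIGNATURE, len(body)]) + body


SAMPLE_KEY = build_v4_rsa_key_packet(n=0xC0FFEE0BADC0DE01, e=65537)   # constructed
SAMPLE_REVOCATION = build_v4_signature_stub()                          # constructed

if __name__ == "__main__":
    print(classify_cert_pgp_data(SAMPLE_KEY), owner_name(SAMPLE_KEY))
    print(short_key_id_cname(SAMPLE_KEY))
    print(classify_cert_pgp_data(SAMPLE_REVOCATION))
```

Running the script prints the classification of the constructed key packet, the owner name derived from its Key ID, and a matching CNAME line from the short Key ID. The classifier only checks packet framing and type; validating the key material or signature itself is left to an OpenPGP implementation.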

