ietf-openpgp
[Top] [All Lists]

Policy URL -> Policy URI

2005-02-07 03:50:30

Hello OpenPGP-drafters,

It seems important to me to consider replacing URL with URI in the OpenPGP
spec.  This would include URN-schemes, such as references to books that
everybody can pick up in their local bookstore or at Amazon.  A book URN       
would look like URN:ISBN:1-234-56789-0 (see RFC 3187).  There are several       
other useful URN schema's.

There are two places in the specification that speak of URL's; one is the       
keyserver (which really is a location, so it makes sense to keep it as
a URL) and the other is the policy.  I think it makes sense to support more
than just the available-on-my-website kind of local/incompatible policies.

Note that other signing standards do speak of URIs for policies.  In the
PKIX standard RFC 3280, there is a CPSuri definiton; in RFC 3275 (XML
Signing) there is no explicit support for policies (...) but the proper way
of getting it into the signature is with a <Reference/> element which
obtains its information from a URI rather than just a URL.

In OpenPGP, replacing a Policy URL with a Policy URI need not lead to    
conflicts with older software; inasfar as they interpret the subpacket,
they usually treat it either as a literal string that should be matched or
as something that can be presented in a browser.  The reason is that
policies cannot be interpreted by software -- they are usually written in
English.

Browsers are supposed to resolve URN-schemes; as far as they do not
recognise them they will consider the urn: start as a protocol, and of
course state that they do not support it.  Same goes for any other
downloading software.

In other words, the change of a Policy URL into a Policy URN seems
advantageous, and I cannot see how it could cause problems.  I therefore
warmly recommend changing it.


Thanks,

Rick van Rein,
OpenFortress Digital signatures


<Prev in Thread] Current Thread [Next in Thread>