ietf-openpgp

Re: Standardisation of User ID usage for Server Purposes

2008-07-25 08:21:36

On Fri, Jul 25, 2008 at 10:17:26PM +1000, Duane wrote:

> While I'm happy to see that TLS usage was extended to include OpenPGP
> usage, and I mean no disrespect at all, but the author did not include
> any details on the structure or formatting of the User ID for server
> purposes other than to include the hostname in a single User ID.
>
> This is no better than X.509 in some respects as it didn't mention anything
> about allowing for multiple hostnames, how wild card hostnames should be
> treated or how miscellaneous information could be presented or used.
>
> I think it's crucial that if people want to adopt or use OpenPGP in
> place of X.509 that all these things must be addressed and standardised.

Allow me to suggest that overloading the user ID field in such a
drastic manner may not be the best way to go here.  If you make it too
machine parsable, then it's not very human readable, and vice versa.
The user ID field has been an RFC-(2)822 for more or less forever, and
a key (even a key intended for special non-common purposes) that
doesn't have such a user ID will cause confusion.

Instead, however, I recommend you define a new User Attribute type.
This is a user ID alternative that is part of the OpenPGP spec but is
not restricted to text, or indeed, any particular format.  Up till now
the only defined user attribute has been "image" (used to attach a
picture to a key), but if you define a "TLS" or "server" type, you can
have exactly the semantics you desire without interfering with the
regular user ID.

David
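The User Attribute approach suggested above, as an added example that is not code from this thread or from any OpenPGP implementation: a Python encoder and parser for an OpenPGP User Attribute packet (RFC 4880 tag 17) carrying a hypothetical "server" subpacket that lists hostnames. The subpacket type 100 (from the private/experimental range 100-110) and the NUL-separated hostname layout are assumptions, since no such subpacket type is standardised.

```python
import struct
# RFC 4880: User Attribute packet is tag 17; subpacket type 1 is "image"; types
# 100-110 are private/experimental, so the hypothetical "server" type 100 is an assumption.
USER_ATTRIBUTE_TAG = 17
SUBPKT_IMAGE = 1
SUBPKT_SERVER_EXPERIMENTAL = 100

def _encode_len(n):
    """New-format length octets (RFC 4880 4.2.2 / 5.2.3.1, no partial lengths)."""
    if n < 192:
        return bytes([n])
    if n < 8384:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)

def _decode_len(buf, pos):
    """Return (length, position just after the length octets)."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < 224:
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    if first == 255:
        return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5
    raise ValueError("partial body lengths are not used in this example")

def encode_server_subpacket(hostnames):
    """Hostnames as NUL-separated UTF-8 (constructed layout, an assumption)."""
    data = bytes([SUBPKT_SERVER_EXPERIMENTAL]) + b"\x00".join(
        h.encode("utf-8") for h in hostnames)
    return _encode_len(len(data)) + data

def build_user_attribute_packet(subpackets):
    """Wrap subpackets in a new-format User Attribute packet (tag 17)."""
    body = b"".join(subpackets)
    return bytes([0xC0 | USER_ATTRIBUTE_TAG]) + _encode_len(len(body)) + body

def parse_user_attribute_packet(pkt):
    """Return {subpacket_type: payload} for a new-format tag-17 packet."""
    if (pkt[0] & 0xC0) != 0xC0 or (pkt[0] & 0x3F) != USER_ATTRIBUTE_TAG:
        raise ValueError("not a new-format User Attribute packet")
    body_len, pos = _decode_len(pkt, 1)
    end, out = pos + body_len, {}
    while pos < end:
        sub_len, pos = _decode_len(pkt, pos)
        out[pkt[pos]] = pkt[pos + 1:pos + sub_len]  # first octet is the type
        pos += sub_len
    return out
```

Because the regular User ID packet is untouched, an implementation that does not understand type 100 simply skips the subpacket, which is the interoperability property the attribute mechanism is meant to give.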