ietf-openpgp

Re: Standardisation of User ID usage for Server Purposes

2008-07-25 17:10:22

David Shaw wrote:

> OpenPGP is not an email-only protocol.  Inevitably, such a key would
> leak from the "server" realm to the "everything else" realm.

X.509 prevented this by usage extensions in the certificates stating
what it should and shouldn't be allowed to do, and also preventing it
from being used for some purposes.

However, I most certainly am not suggesting or implying in any way, shape
or form that things go down that path with OpenPGP.

Protecting people from themselves has been detrimental and has possibly
limited innovation and thinking on the topic, because everyone seems to
think the same way when it comes to implementing X.509.

> No.  You can define anything you like, in any form you like.
> Basically, think of it as being given a chunk of bytes attached to an
> OpenPGP key.  You can put anything you want in there, in any format
> you want, to be parsed however you want.  You completely own the
> format.  OpenPGP then guarantees that your bytes cannot be tampered
> with, using the same protection that it uses for regular user ID
> strings.

This is why I posted to this list: I didn't know if I was doing
things in the best way or not, and I appreciate you pointing out things I
didn't consider.

I'll re-write the draft, if someone hasn't already, to incorporate these
new ideas.

-- 

Best regards,
 Duane
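
The "chunk of bytes attached to an OpenPGP key" David describes is the User Attribute packet (tag 17, RFC 4880 section 5.12): a sequence of attribute subpackets, each with a length, a type octet and an opaque body, where types 100 through 110 are reserved for private or experimental use. The following is an added example, not code from the thread or from any OpenPGP implementation, showing how an application could pack a record it owns the format of into such a packet and read it back. The record contents and the field names in it are constructed for illustration; the binding self-signature that gives the tamper protection David mentions is a separate certification over the key and this packet body and is not implemented here.

```python
# Added example: encode and decode an OpenPGP User Attribute packet (RFC 4880
# section 5.12) carrying an application-defined blob in a private/experimental
# subpacket type.  The sample record below is constructed for illustration.

import struct

USER_ATTRIBUTE_TAG = 17          # packet tag for User Attribute (RFC 4880 5.12)
PRIVATE_SUBPACKET_TYPE = 100     # first private/experimental subpacket type (100..110)


def encode_subpacket_length(n):
    """Subpacket length encoding shared with signature subpackets (RFC 4880 5.2.3.1)."""
    if n < 192:
        return bytes([n])
    if n < 16320:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)


def decode_subpacket_length(buf, pos):
    """Return (length, position after the length field)."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < 255:
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5


def encode_packet_header(tag, body_len):
    """New-format packet header (RFC 4880 4.2.2); no partial body lengths."""
    first = 0xC0 | tag
    if body_len < 192:
        return bytes([first, body_len])
    if body_len < 8384:
        n = body_len - 192
        return bytes([first, (n >> 8) + 192, n & 0xFF])
    return bytes([first, 0xFF]) + struct.pack(">I", body_len)


def decode_packet_header(buf):
    """Return (tag, body length, header length) for a new-format header."""
    first = buf[0]
    if first & 0xC0 != 0xC0:
        raise ValueError("only new-format packet headers are handled here")
    tag = first & 0x3F
    l1 = buf[1]
    if l1 < 192:
        return tag, l1, 2
    if l1 < 224:
        return tag, ((l1 - 192) << 8) + buf[2] + 192, 3
    if l1 == 255:
        return tag, struct.unpack(">I", buf[2:6])[0], 6
    raise ValueError("partial body lengths are not handled here")


def build_user_attribute_packet(subpackets):
    """subpackets: list of (type, bytes).  Returns header + body as bytes.
    The subpacket length covers the type octet plus the data (RFC 4880 5.2.3.1)."""
    body = b"".join(encode_subpacket_length(len(data) + 1) + bytes([t]) + data
                    for t, data in subpackets)
    return encode_packet_header(USER_ATTRIBUTE_TAG, len(body)) + body


def parse_user_attribute_packet(packet):
    """Inverse of build_user_attribute_packet; rejects truncated or bad lengths."""
    tag, body_len, hdr_len = decode_packet_header(packet)
    if tag != USER_ATTRIBUTE_TAG:
        raise ValueError("not a User Attribute packet")
    body = packet[hdr_len:hdr_len + body_len]
    if len(body) != body_len:
        raise ValueError("truncated packet")
    out, pos = [], 0
    while pos < len(body):
        length, pos = decode_subpacket_length(body, pos)
        if length == 0 or pos + length > len(body):
            raise ValueError("bad subpacket length")
        out.append((body[pos], bytes(body[pos + 1:pos + length])))
        pos += length
    return out


# Constructed sample "server" record; the application alone decides its format.
SERVER_RECORD = b"svc=imap;host=mail.example.net;port=993"


def roundtrip(record=SERVER_RECORD):
    """Pack one private-type subpacket and parse it back; returns (packet, parsed)."""
    pkt = build_user_attribute_packet([(PRIVATE_SUBPACKET_TYPE, record)])
    return pkt, parse_user_attribute_packet(pkt)


if __name__ == "__main__":
    pkt, parsed = roundtrip()
    print(pkt.hex())
    print(parsed)
```

The packet produced here is what a self-signature of type 0x10 through 0x13 would be computed over (together with the key) to bind the record to the key; without that certification the bytes are just an unauthenticated container, which is the point David was making about OpenPGP supplying the protection rather than the format.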