ietf-openpgp

Re: Please adopt http://www.ietf.org/internet-drafts/draft-groth-openpgp-attribute-extension-00.txt

2008-08-15 08:22:23

Duane at e164 dot org <duane(_at_)e164(_dot_)org> writes:

> Please adopt
> http://www.ietf.org/internet-drafts/draft-groth-openpgp-attribute-extension-00.txt
> as a working group document. This document is trying to describe how to
> utilise ASN.1 attributes with OpenPGP keys; the focus is to further
> promote the use of OpenPGP keys for server purposes, however some people
> expressed interest in other extensions that are more appropriate for
> individuals.

Your document reuses subjectAltNames from PKIX.  While I think that is a
nice idea that allows re-use of their flexibility, I think the wisdom of
using ASN.1/DER and PKIX in OpenPGP should be challenged.

Let me propose that your document specify an OpenPGP attribute 'dnsName'
that contains a UTF-8 string with a DNS domain name, and explain how
wildcard *.example.com names should be dealt with.  No ASN.1/DER
encodings and no PKIX terminology.

This would solve your use case, RFC 5081, without OpenPGP
implementations needing to implement PKIX.

Thoughts?

Thanks,
Simon