ietf-openpgp

Re: Please adopt http://www.ietf.org/internet-drafts/draft-groth-openpgp-attribute-extension-00.txt

2008-08-15 08:32:47
Simon Josefsson wrote:

> Let me propose that your document specify an OpenPGP attribute 'dnsName'
> that contains a UTF-8 string with a DNS domain name, and explain how
> wildcard *.example.com names should be dealt with.  No ASN.1/DER
> encodings and no PKIX terminology.

Even PKIX doesn't stipulate how wildcards should be handled, and so we
have multiple browsers doing multiple things.

> This would solve your use case, RFC 5081, without having OpenPGP
> implementations need to implement PKIX.

I started off down this path, but then you need at least 7 or 8
different extensions alone to deal with common subject Alt Names, DNS,
O, OU, C, ST, L etc., whereas using PKIX references they maintain the
table, or whoever is in charge of a particular OID subset of the tree.

-- 

Best regards,
 Duane

Attachment: signature.asc
Description: OpenPGP digital signature
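
Added example, not part of the original message or of the draft: the wildcard ambiguity raised in the thread, shown as two plausible matching policies for a 'dnsName' value that give different answers on the same input. Both policies, the function names and the sample names are assumptions made for illustration; neither is taken from any specification or implementation.

```python
import fnmatch

# Added illustration. 'dnsName' patterns, both policies and all sample
# names are constructed assumptions, not text from the draft.

def _labels(name):
    # DNS names compare case-insensitively; trailing dots are dropped.
    return name.lower().rstrip(".").split(".")

def match_strict(pattern, host):
    """'*' only as the whole leftmost label, standing for exactly one label."""
    p, h = _labels(pattern), _labels(host)
    if "*" not in pattern:
        return p == h
    if p[0] != "*" or any("*" in label for label in p[1:]):
        return False  # rejects 'w*.example.com' and 'a.*.example.com'
    if len(p) < 3:
        return False  # rejects '*.com' and a bare '*'
    return len(h) == len(p) and h[1:] == p[1:] and h[0] != ""

def match_lax(pattern, host):
    """Glob-style policy: '*' may sit anywhere and may span dots."""
    return fnmatch.fnmatchcase(host.lower().rstrip("."),
                               pattern.lower().rstrip("."))

SAMPLES = [  # constructed (pattern, host) pairs
    ("*.example.com", "www.example.com"),
    ("*.example.com", "a.b.example.com"),
    ("*.example.com", "example.com"),
    ("w*.example.com", "www.example.com"),
    ("*.com", "example.com"),
    ("www.example.com", "WWW.Example.COM."),
]

def disagreements(samples=SAMPLES):
    """Pairs on which the two policies return different verdicts."""
    return [(p, h) for p, h in samples
            if match_strict(p, h) != match_lax(p, h)]

if __name__ == "__main__":
    for pattern, host in SAMPLES:
        print(f"{pattern:18} {host:18} strict={match_strict(pattern, host)!s:5} "
              f"lax={match_lax(pattern, host)}")
```

Every pair returned by `disagreements()` is a name one verifier would accept and another would reject for the same key, which is why an attribute definition needs to state the matching rule itself.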
