Simon Josefsson wrote:
> Let me propose that your document specify an OpenPGP attribute 'dnsName'
> that contains a UTF-8 string with a DNS domain name, and explain how
> wildcard *.example.com names should be dealt with. No ASN.1/DER
> encodings and no PKIX terminology.
> Even PKIX doesn't stipulate how wildcards should be handled, and so we
> have multiple browsers doing multiple things.
> This would solve your use case, RFC 5081, without having OpenPGP
> implementations need to implement PKIX.
I started off down this path, but then you need at least 7 or 8
different extensions alone to deal with common subjectAltNames, DNS,
O, OU, C, ST, L, etc., whereas using PKIX references they maintain the
table, or whoever is in charge of a particular OID subset of the tree.
--
Best regards,
Duane
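As an added example, not part of the thread, RFC 5081, or any OpenPGP implementation: the quoted proposal leaves open how a `*.example.com` value in a UTF-8 'dnsName' attribute should be matched, and notes that PKIX does not fix this either. The code below implements one strict policy for that hypothetical attribute, following the rules of RFC 6125 section 6.4.3 (wildcard only as the entire leftmost label, matching exactly one label, never matching the bare domain or a second-level name like `*.com`). The attribute name, the function names and the sample inputs are assumptions for illustration.

```python
# Added example: strict wildcard matching for a hypothetical OpenPGP 'dnsName'
# attribute that carries a UTF-8 domain name (the attribute is the thread's
# proposal, not something RFC 5081 defines). Policy follows RFC 6125 6.4.3;
# PKIX itself leaves wildcard handling unspecified, so this is one choice.


def normalize_name(name) -> str:
    """Decode a UTF-8 attribute value, lower-case it, drop one trailing dot,
    and convert internationalized labels to A-labels (xn--...) so that a
    U-label in the attribute and an A-label from the peer compare equal."""
    if isinstance(name, bytes):
        name = name.decode("utf-8")
    name = name.strip().lower()
    if name.endswith("."):
        name = name[:-1]
    try:
        # Python's stdlib IDNA codec: ASCII labels (including "*") pass through
        # unchanged; empty or over-long labels raise UnicodeError.
        return name.encode("idna").decode("ascii")
    except UnicodeError:
        return ""


def is_valid_reference_name(ref: str) -> bool:
    """Accept plain names, or names whose only wildcard is the whole leftmost
    label and which keep at least two labels to the right of it."""
    labels = ref.split(".")
    if not labels or any(label == "" for label in labels):
        return False
    if "*" not in ref:
        return True
    if labels[0] != "*" or len(labels) < 3:
        return False
    # Partial wildcards ("w*.example.com") and wildcards inside an IDN label
    # are rejected outright.
    return all("*" not in label for label in labels[1:])


def dns_name_matches(reference, presented_host) -> bool:
    """True if the 'dnsName' reference (possibly a wildcard) matches the
    host the peer is being contacted as. The presented host may never
    contain a wildcard."""
    ref = normalize_name(reference)
    host = normalize_name(presented_host)
    if not ref or not host or "*" in host:
        return False
    if not is_valid_reference_name(ref):
        return False
    if not ref.startswith("*."):
        return ref == host
    # The wildcard label must match exactly one non-empty host label, so the
    # bare domain ("example.com") and deeper names ("a.b.example.com") fail.
    suffix = ref[2:]
    host_labels = host.split(".")
    if len(host_labels) != len(suffix.split(".")) + 1:
        return False
    return host_labels[0] != "" and ".".join(host_labels[1:]) == suffix


if __name__ == "__main__":
    # Constructed sample attribute values and peer hostnames.
    checks = [
        (b"*.example.com", "www.example.com"),
        (b"*.example.com", "example.com"),
        (b"*.example.com", "a.b.example.com"),
        (b"*.com", "example.com"),
        ("b\u00fccher.example", "xn--bcher-kva.example"),
    ]
    for ref, host in checks:
        print(ref, host, dns_name_matches(ref, host))
```

The leftmost-label rule is the part browsers have historically disagreed on; a matcher that lets `*.example.com` cover `a.b.example.com` or `example.com` is the kind of divergence the quoted message alludes to, and the function above deliberately refuses both.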