ietf-openpgp

Re: Please adopt http://www.ietf.org/internet-drafts/draft-groth-openpgp-attribute-extension-00.txt

2008-08-15 16:05:09

Duane at e164 dot org <duane(_at_)e164(_dot_)org> writes:

Simon Josefsson wrote:

Let me propose that your document specify an OpenPGP attribute 'dnsName'
that contains a UTF-8 string with a DNS domain name, and explain how
wildcard *.example.com names should be dealt with.  No ASN.1/DER
encodings and no PKIX terminology.

Even PKIX doesn't stipulate how wildcards should be handled, and so we
have multiple browsers doing multiple things.

RFC 2818 specifies how it should be handled for TLS, but you are most
likely correct that multiple browsers don't implement it properly.

This would solve your use case, RFC 5081, without OpenPGP
implementations needing to implement PKIX.

I started off down this path, but then you need at least 7 or 8
different extensions alone to deal with common subject Alt Names, DNS,
O, OU, C, ST, L etc., whereas using PKIX references they maintain the
table, or whoever is in charge of a particular OID subset of the tree.

Is there a use case in OpenPGP for any other alt name than dnsName?

/Simon
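
Added example, not part of the original message or of the draft: a matcher for the wildcard rule RFC 2818 section 3.1 gives for TLS, applied to a hypothetical UTF-8 'dnsName' attribute value as proposed above. The function names, and the choice to reject more than one '*' in a label, are assumptions made for this illustration.

```python
# Added illustration: RFC 2818 section 3.1 wildcard matching applied to a
# hypothetical UTF-8 'dnsName' attribute value. Not taken from the draft
# or from any OpenPGP implementation.


def _label_matches(pattern: str, label: str) -> bool:
    """Match one DNS label; '*' covers a run of characters inside it."""
    if "*" not in pattern:
        return pattern == label
    if pattern.count("*") > 1:
        # Assumption: RFC 2818 does not define this case, so refuse it.
        return False
    prefix, suffix = pattern.split("*")
    return (len(label) >= len(prefix) + len(suffix)
            and label.startswith(prefix)
            and label.endswith(suffix))


def dns_name_matches(attribute: bytes, hostname: str) -> bool:
    """Return True if the dnsName attribute value covers hostname."""
    try:
        pattern = attribute.decode("utf-8")
    except UnicodeDecodeError:
        return False  # not a valid UTF-8 string: never matches
    # DNS names compare case-insensitively; ignore a trailing root dot.
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for a single component (or fragment of one), so
    # it never spans a dot and the number of labels must agree.
    if len(p_labels) != len(h_labels):
        return False
    if "" in p_labels or "" in h_labels:
        return False  # empty label, e.g. "a..com"
    return all(_label_matches(p, h) for p, h in zip(p_labels, h_labels))


if __name__ == "__main__":
    # Constructed sample values, using the examples from RFC 2818.
    for attr, host in [(b"*.a.com", "foo.a.com"),
                       (b"*.a.com", "bar.foo.a.com"),
                       (b"f*.com", "foo.com"),
                       (b"f*.com", "bar.com")]:
        print(attr.decode(), host, dns_name_matches(attr, host))
```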
