ietf-openpgp

Re: Please adopt http://www.ietf.org/internet-drafts/draft-groth-openpgp-attribute-extension-00.txt

2008-08-22 21:52:41

Duane at e164 dot org wrote:
Simon Josefsson wrote:
Florian Weimer <fw(_at_)deneb(_dot_)enyo(_dot_)de> writes:

* Duane at:

Server uses of which TLS is going to be the biggest use case is the main
objective at present, most server certificates in the X.509 world have a
lot more than just dnsName, such as company name, maybe a contact, the
country, state/territory/province, town/suburb and so on and so forth.

This data is not mechanically processed (at least not in a way which is
consistent across implementations), so you can put it into notation data
subpackets.

Right, however, the TLS server name needs to be mechanically processed,
so it needs a different mechanism -- such as a new OpenPGP extension
that contains a single UTF-8 string intended for identification of
TLS+OpenPGP servers.

The other information needs to be verified in a similar manner as well,
otherwise the information is much less useful.

Also a single website can have multiple hostnames.

If all the information submitted needs verifying before being signed by
others, are notation data sub packets the most suitable way to do this?

-- 

Best regards,
 Duane
