Policy URLs

David Shaw dshaw@jabberwocky.com
Sat Dec 7 00:18:04 2002

On Fri, Dec 06, 2002 at 07:51:47PM +0100, Kai Raven wrote:
> Hello David,
> On Fri, 6 Dec 2002 08:01:02 -0500 you wrote:
> > Note that the OpenPGP standard doesn't like people to use any tag name
> > they like ("info" in the above example).  The standard asks that
> > people who want to make up their own tags use a tag name like
> > "info@some.domain.com".  You can use your email address for example,
> > but the only important thing is that it has a '@' in there somewhere.
> Have read this in 
> http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-06.txt:
> ....
> Names in the user name space consist of a UTF-8 string tag followed
> by "@" followed by a DNS domain name. Note that the tag MUST NOT
> contain an "@" character. For example, the "sample" tag used by
> Example Corporation could be "sample@example.com".
> Names in a user space are owned and controlled by the owners of that
> domain. Obviously, it's of bad form to create a new name in a DNS
> space that you don't own.
> Since the user name space is in the form of an email address,
> implementers MAY wish to arrange for that address to reach a person
> who can be consulted about the use of the named tag.  Note that due
> to UTF-8 encoding, not all valid user space name tags are valid
> email addresses. 
> ....
> for my understanding: the name@domain syntax has something to do with
> the UTF-8 encoding or name resolution? Don't understand this
> section very well.

The idea is to prevent collisions in the limited namespace (if I make
a notation name "foo", and so does 10 other people, what happens if my
"foo" doesn't mean the same thing?).  The answer is to write
foo@example.com, which if I am the owner of example.com, means that
it's MY "foo" and not anybody elses.  The note about email address is
just a side benefit - since the tag name is "foo@example.com" it
becomes an email address and that address could be pointed towards
someone who can be consulted about the use of the tag.

> And what would you say is the best or general form of the 'name' part of
> the notation string for a private user? The e-mail address of the
> person, who is the holder or creator of the notation or in conjunction
> with a sig or cert policy, the holder/creator of the policy?

I'd use a modified email address.  For user@example.com, I'd do
something like "user+tagname@example.com".  That guarantees that it's
a unique tag name and also lets the user have more than one.

Still, if a tag is useful enough, I'd submit it to the IETF for
standardization so everyone can benefit.


   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson