Simon Josefsson <simon@xxxxxxxxxxxxx> writes:

>>> In particular section 3.3 explains how an OpenPGP key for
>>> leslie@host.example would lead to a CERT record on the
>>> leslie.host.example domain. See
>>> http://tools.ietf.org/html/rfc4398#section-3.3
>>
>> Which is very much part of the problem. RFC 103[45] have mbox names
>> which unfortunately cause namespace collisions. Usernames and
>> hostnames shouldn't be in the same namespace. RFC 4398 continues
>> to have that problem.
>
> I don't see that as a problem.
>
> To my knowledge, associating an OpenPGP key with a host is rare, and
> when it happens the usual best practice in the OpenPGP world has been to
> "invent" an email address like root@xxxxxxxxxxxxxxxx and put that in the
> OpenPGP key. So no collisions happen.
>
> Even if a collision would happen, it is not a show-stopper. You just
> put two CERT records at the same name. The client will need to have
> functionality to figure out which key out of several to use anyway.

Btw, how does draft-ietf-dane-openpgpkey handle OpenPGP keys for
hostnames? I don't see anything in it.

I propose that username<->hostname collisions for OpenPGP are a non-issue.

/Simon
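Added example, not part of the thread: the two owner-name mappings under discussion, in Python. It assumes the RFC 4398 section 3.3 rule quoted above ('@' becomes '.') and the mapping that draft-ietf-dane-openpgpkey was later published with in RFC 7929 (SHA2-256 of the local-part, truncated to 28 octets, under an _openpgpkey label); the mailbox and host names are constructed samples.

```python
import hashlib


def cert_owner_name(email: str) -> str:
    """RFC 4398 section 3.3 owner name for an OpenPGP CERT record:
    the mailbox with '@' replaced by '.', so leslie@host.example
    becomes leslie.host.example, a name a host could equally use."""
    local, domain = email.rsplit("@", 1)
    return f"{local}.{domain}"


def openpgpkey_owner_name(email: str) -> str:
    """OPENPGPKEY owner name as published in RFC 7929 (assumed here to be
    the successor of draft-ietf-dane-openpgpkey): the left-most label is
    the lowercase hex of SHA2-256(local-part) truncated to 28 octets,
    placed under the _openpgpkey label of the mail domain."""
    local, domain = email.rsplit("@", 1)
    digest = hashlib.sha256(local.encode("utf-8")).digest()[:28]
    return f"{digest.hex()}._openpgpkey.{domain}"


def same_owner_name(a: str, b: str) -> bool:
    """DNS owner names compare case-insensitively; a trailing dot is ignored."""
    return a.rstrip(".").lower() == b.rstrip(".").lower()


def cert_collisions(mailboxes, hostnames):
    """Pairs (mailbox, hostname) whose RFC 4398 CERT owner names coincide,
    i.e. the username/hostname namespace collision raised in the thread."""
    return [(m, h) for m in mailboxes for h in hostnames
            if same_owner_name(cert_owner_name(m), h)]


def openpgpkey_collisions(mailboxes, hostnames):
    """Same check under the _openpgpkey mapping: the hashed label and the
    _openpgpkey sub-tree keep mailbox names apart from host names."""
    return [(m, h) for m in mailboxes for h in hostnames
            if same_owner_name(openpgpkey_owner_name(m), h)]


if __name__ == "__main__":
    # Constructed sample data: one mailbox whose local-part equals a host label.
    mailboxes = ["leslie@host.example", "root@mail.host.example"]
    hostnames = ["leslie.host.example", "mail.host.example", "www.host.example"]
    print("CERT collisions:", cert_collisions(mailboxes, hostnames))
    print("OPENPGPKEY collisions:", openpgpkey_collisions(mailboxes, hostnames))
```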