On Wed, Mar 25, 2015 at 05:58:45PM -0400, Paul Wouters wrote:

> >Any alternative protocol should just return the SMIME or PGP key
> >for the address, and avoid returning any intermediate "canonical"
> >addresses used to locate those.
> 
> You realise the openpgp key will likely contain any correct IDs right?

I'm aware of the current design possibly returning usernames in
addition to key material.  Not clear whether that's a feature, but
in any case that happens only for users with keys.  I was responding
only to a suggestion of running a pure canonicalization service,
which would then canonicalize also names with no keys.

Similarly SMIME certs often contain email addresses.  Though with
SMIME (CMS), the recipient info from which key copies are decrypted
is identified by "IssuerAndSerialNumber" or "SubjectKeyIdentifier",
so one *can* create certs for SMIME encryption that contain only
opaque identity information.

I don't know how recipient key copies are identified in PGP.

-- 
        Viktor.

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
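
The two CMS recipient identifier forms named in the message above, shown as an added example that is not part of the original post: a small DER reader that reports which form a KeyTransRecipientInfo carries. The helper names and every sample value (CA name, serial number, key identifier, encrypted key) are constructed for illustration.

```python
# Added example: which RecipientIdentifier form does a CMS KeyTransRecipientInfo use?
# All sample values (CA name, serial, key identifier, encrypted key) are constructed.

def tlv(tag, body):
    """Encode one DER TLV; short-form length is enough for these samples."""
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

def read_tlv(buf, off=0):
    """Return (tag, contents, offset just past this TLV)."""
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[off:off + length], off + length

def recipient_id(ktri):
    """Classify the rid field of a DER-encoded KeyTransRecipientInfo."""
    tag, body, _ = read_tlv(ktri)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    _, _version, off = read_tlv(body)      # CMSVersion: 0 with issuer+serial, 2 with SKI
    tag, rid, _ = read_tlv(body, off)
    if tag == 0x30:                        # IssuerAndSerialNumber ::= SEQUENCE
        _, _, end = read_tlv(rid)          # issuer Name (the CA's DN)
        _, serial, _ = read_tlv(rid, end)  # CertificateSerialNumber
        return {"kind": "issuerAndSerialNumber", "issuer_der": rid[:end],
                "serial": int.from_bytes(serial, "big")}
    if tag == 0x80:                        # [0] IMPLICIT SubjectKeyIdentifier
        return {"kind": "subjectKeyIdentifier", "ski": rid}
    raise ValueError("unknown RecipientIdentifier")

# Constructed samples: the same recipient entry encoded with each identifier form.
ISSUER = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, b"Example CA"))))
ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")) + b"\x05\x00")  # rsaEncryption
ENC_KEY = tlv(0x04, bytes(16))             # placeholder encrypted key
SKI = bytes(range(20))                     # placeholder key identifier
KTRI_IAS = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30, ISSUER + tlv(0x02, b"\x12\x34")) + ALG + ENC_KEY)
KTRI_SKI = tlv(0x30, tlv(0x02, b"\x02") + tlv(0x80, SKI) + ALG + ENC_KEY)

if __name__ == "__main__":
    for sample in (KTRI_IAS, KTRI_SKI):
        print(recipient_id(sample))
```

In both forms the identifier names a certificate (by CA name and serial, or by key identifier) and carries no recipient mail address.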
