Re: [openpgp] User ID Attribute Subpacket

Wiktor Kwapisiewicz <wiktor@metacode.biz> Wed, 20 February 2019 19:23 UTC

To: Derek Atkins <derek@ihtfp.com>
Cc: Justus Winter <justuswinter@gmail.com>, openpgp@ietf.org
From: Wiktor Kwapisiewicz <wiktor@metacode.biz>
Organization: Metacode
Message-ID: <ba6a5323-965f-d468-5e02-3d1d0cd669d0@metacode.biz>
Date: Wed, 20 Feb 2019 20:23:07 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/7OQUU8PwUlskqVZpD-yruUfvzTQ>

Hi Derek,

On 20.02.2019 17:08, Derek Atkins wrote:
> Yes, most of what was in the draft could have been implemented using
> standard OpenPGP mechanisms.  Indeed, the device-certs draft was not
> intended at the time to be incorporated into 4880bis but rather to be a
> standalone document that lived alongside it.
> 
> The main purpose was to enable the smallest certificate possible, but
> really the purpose of the device-certs draft was multi-fold:
> 
> 1) Allow a PGP Key Certificate without a signature key.  The idea here
>     is that some small devices may only have a key-agreement key
>     available so may not be able to create a signature.  However, 4880
>     did not allow this configuration and required a top-level signature
>     key and relegated other keys to sub-usage.

By "signature key" do you mean "certification key"?

Because as far as I can see, RFC 4880 definitely allows the primary
key to be certification-only:

"In a V4 key, the primary key MUST be a key capable of certification" [0]

[0]: https://tools.ietf.org/html/rfc4880#section-12.1

(I'm using a C-only primary key, it's available via WKD).

> 2) The reason for the User ID Attribute subpacket was that we wanted to
>     have multiple Attribute subpackets included in the certificate in a
>     primary signature, but this was not possible with 4880.  My memory is
>     hazy on what the exact issue was, but IIRC you could EITHER have a
>     UserID packet OR a set of Attribute packets, but not both.  Because I
>     wanted both a UserID *AND* additional attributes in a single
>     signature, this seemed the best way to do it.

What would you store in these User ID Attributes that would not be 
possible in regular User IDs?

> 3) Yes, we could have just used FQDN-based notations, but then we're
>     literally adding at least 13 bytes PER NOTATION.  Given the number
>     of notations in use, that was adding on the order of 65-130 BYTES to
>     the certificate, or about 10-15%!

This depends on the FQDN, e.g. using '@ihtfp.com' adds only 10 bytes, 
and there are shorter domains. This can be coupled with shortening of 
the keys (e.g. 'prodid' -> 'p') although I admit they look shortened 
already :)

Are all of them needed and used at the same time?

>> Having said that I wasn't around when it was conceived so probably
>> there is some rationale for its inclusion.
> 
> Indeed.  Honestly, at the time the intent was to progress the
> device-certs draft on its own and register those notations that way.
> But then the WG stalled, and Werner kindly incorporated those
> definitions into 4880bis.
> 
> Still, adding these to 4880bis does not add significant complexity to
> the draft but DOES make a marked difference in its usability.  Please do
> not remove these improvements.

I don't know what the criteria for inclusion are, but when reading the
rest of the RFC, device-certs strikes me as something with a narrow focus.
A stark contrast to otherwise generic and versatile constructs.

>> Actually from my casual skimming of the device certifications draft I
>> see most of the changes can be implemented over what is already in
>> OpenPGP.
>
> *CAN*, yes, but there are reasons to minimize.  See below.

Could you share what the rationale for keys being minimal is? From what I
have seen it has something to do with devices of limited memory, but I'm
eager to know the details. Are there any implementations of device-certs in
the wild?

For example what would the User ID Attribute look like?

>> [0] I did experiment with putting URIs in User IDs for extended info
>> (https://github.com/wiktor-k/distributed-ids#distributed-ids)
> 
> Cool.  But not useful to me ;)

Hard to recommend something if I don't know what you're after :)

Kind regards,
Wiktor

-- 
https://metacode.biz/@wiktor
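
Added example, not part of the original message or of any draft: the size argument in point 3, worked through by serializing Notation Data signature subpackets in the RFC 4880 section 5.2.3.16 layout and measuring what an `@domain` suffix costs. Only `prodid` and `ihtfp.com` come from the thread; the other notation names and the value `x` are constructed for illustration.

```python
import struct

NOTATION_DATA = 20      # signature subpacket type, RFC 4880 section 5.2.3.1
HUMAN_READABLE = 0x80   # first flag octet, RFC 4880 section 5.2.3.16


def encode_length(n):
    """Subpacket length header: 1, 2 or 5 octets (RFC 4880 section 5.2.3.1)."""
    if n < 192:
        return bytes([n])
    if n < 16320:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)


def notation_subpacket(name, value):
    """Serialize one human-readable Notation Data subpacket."""
    n, v = name.encode("utf-8"), value.encode("utf-8")
    body = (bytes([HUMAN_READABLE, 0, 0, 0])
            + struct.pack(">HH", len(n), len(v)) + n + v)
    # The length field counts the type octet plus the body.
    return encode_length(1 + len(body)) + bytes([NOTATION_DATA]) + body


def parse_notation(sub):
    """Decode a short-form (one-octet length) notation subpacket."""
    if sub[0] >= 192 or sub[0] != len(sub) - 1 or sub[1] != NOTATION_DATA:
        raise ValueError("not a short-form notation subpacket")
    nlen, vlen = struct.unpack(">HH", sub[6:10])
    if 10 + nlen + vlen != len(sub):
        raise ValueError("name/value lengths do not match subpacket length")
    return sub[10:10 + nlen].decode(), sub[10 + nlen:].decode()


def suffix_overhead(names, domain, value="x"):
    """Extra octets from writing each name as name@domain."""
    bare = sum(len(notation_subpacket(k, value)) for k in names)
    tagged = sum(len(notation_subpacket(f"{k}@{domain}", value)) for k in names)
    return tagged - bare


# Constructed sample: 'prodid' is from the thread, the rest are made up.
SAMPLE_NAMES = ["prodid", "serial", "model", "vendor", "hwrev"]

if __name__ == "__main__":
    print(len(notation_subpacket("prodid", "x")))       # fixed framing + name + value
    print(suffix_overhead(SAMPLE_NAMES, "ihtfp.com"))   # cost of the suffix alone
```

Each notation carries 10 octets of fixed framing (length, type, flags, two length fields) regardless of its name, so the suffix is only one part of the per-notation cost.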