[Standards-JIG] UPDATED: JEP-0027 (Current Jabber OpenPGP Usage)

Justin Karneges justin-keyword-jabber.093179 at affinix.com
Tue Mar 16 03:14:58 UTC 2004


On Monday 15 March 2004 5:50 pm, Justin Karneges wrote:
> Alright, I've written up the first revision for a possible JEP-0130:

(replying to myself)

I just thought of two issues with this draft:

1) Replay protection of delayed presence would not work very well, as these 
are meant to be replayed.  Maybe replay protection should not apply to 
broadcasted presence?

2) We need a way for a public key to map to a JID.  I propose that for X.509 
we follow the same guideline as that of xmpp-core.  For OpenPGP, I say the 
bare JID should be in one of the user-id fields of the key.

According to RFC 2440 (OpenPGP), section 5.11, the content of a user-id is 
technically arbitrary, though conventionally it holds an email address:
--
5.11. User ID Packet (Tag 13)

   A User ID packet consists of data that is intended to represent the
   name and email address of the key holder.  By convention, it includes
   an RFC 822 mail name, but there are no restrictions on its content.
--

This means that we could store bare JIDs in RFC 882 form, such as:
  Justin Karneges <justin at andbit.net>

or by creating our own format, such as:
  im:justin at andbit.net

I prefer the former, because it extends the notion of the "user at host.com" 
format as a non-protocol-specific universal ID, which I feel is more in line 
with PGP's purpose.  However, I remember an argument last year advocating the 
latter, to cover domain configurations that provision the same username to 
two different people depending on service/protocol.  Do we really need to go 
there?

-Justin
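
The key-to-JID check proposed in point 2, sketched for both user-id formats discussed in the message. This is an added example, not part of the original post or of any JEP; the function names and sample user-ids are constructed, addresses are written with "@" rather than the archive's " at ", and the user-id strings are assumed to come from a key whose self-signatures were already verified.

```python
import re

# "Name <node@domain>" (RFC 822 style): only the trailing angle-addr counts.
_ANGLE = re.compile(r"<([^<>\s]+@[^<>\s]+)>\s*$")
# A user-id that is nothing but node@domain.
_BARE = re.compile(r"^[^<>\s]+@[^<>\s]+$")


def bare_jid(jid):
    """Drop the resource (node@domain/resource -> node@domain) and fold case.

    Simplification: real XMPP comparison applies stringprep (nodeprep and
    nameprep); lowercasing stands in for it here.
    """
    bare = jid.split("/", 1)[0]
    node, sep, domain = bare.rpartition("@")
    return node.lower() + sep + domain.lower()


def user_id_address(user_id):
    """Return the address carried by one OpenPGP user-id, or None."""
    uid = user_id.strip()
    if uid.lower().startswith("im:"):          # the "own format" variant
        uid = uid[3:]
        return uid if _BARE.match(uid) else None
    m = _ANGLE.search(uid)
    if m:
        return m.group(1)
    return uid if _BARE.match(uid) else None


def key_matches_jid(user_ids, sender_jid):
    """True if any user-id names exactly the sender's bare JID.

    Comparison is on the whole parsed address, never a substring of the
    user-id, so a display name or a longer domain cannot satisfy it.
    """
    want = bare_jid(sender_jid)
    addrs = (user_id_address(u) for u in user_ids)
    return any(bare_jid(a) == want for a in addrs if a)


if __name__ == "__main__":
    key_uids = ["Juliet Capulet <juliet@example.org>"]       # constructed
    print(key_matches_jid(key_uids, "juliet@example.org/balcony"))
```
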


