OpenPGP data in the CERT RR

Werner Koch wk at gnupg.org
Mon Aug 5 23:51:02 CEST 2002


On Mon, 05 Aug 2002 17:46:40 +0200, Simon Josefsson said:


> 2.2 E-mail Based RR Owner Name
>
>    used in the RFC 2822 envelope of OpenPGP messages.  A secondary use
>    may be to publish OpenPGP Key Revocation Signatures for revoked
>    OpenPGP Certificates, in this case the owner name should be the
>    standard translation of the email address found in the User ID
>    packet(s).  An example:


I don't think that this is a good requirement.  If you want to test
for a revocation you already have access to the key so it is pointless
to search by email address.  It would be better to use the fingerprint
in this case because it uniquely identifies a key and it can be used
to revoke a subkey (useful in case of a compromised box where the
primary key was not stored).  If the entire key has to be revoked,
CNAMEs to all subkeys can be provided.

Revoking a user ID is not that important.

Having a special name part for such unique specifications might make
sense:

A4D94E92B0986AB5EE9DCD755DE249965B0358A2.pgpkeys.example.org. IN CERT ...

This way a client can figure out where to look for revocations by
doing an MX query and prepending the fingerprint and "pgpkeys".


Salam-Shalom,

   Werner
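As an added example (not from the mail or from GnuPG), the owner-name scheme sketched above in Python: the fingerprint-keyed name, the "MX query, then prepend fingerprint and pgpkeys" lookup, and CNAMEs from each subkey's name to the primary key's record. The `pgpkeys` label and the fingerprint come from the mail; the constructed MX table, the reading that the labels are prepended to the MX exchange host, and the placeholder CERT RDATA fields are assumptions.

```python
"""Owner names for fingerprint-keyed OpenPGP revocation lookups in DNS.

Added example, not code from the thread.  Assumptions: fingerprints are
40-hex-digit OpenPGP v4 fingerprints, the label is "pgpkeys" as in the
mail, and a client prepends <fingerprint>.pgpkeys to the MX exchange
host of the user ID's mail domain (one reading of the proposal).
"""
import re

PGPKEYS_LABEL = "pgpkeys"
_V4_FPR = re.compile(r"^[0-9A-F]{40}$")


def normalize_fingerprint(fpr: str) -> str:
    """Strip the spaces GnuPG prints and upper-case; reject anything that
    is not a 40-hex-digit v4 fingerprint, so a bad key ID cannot become
    an arbitrary DNS label."""
    fpr = fpr.replace(" ", "").upper()
    if not _V4_FPR.match(fpr):
        raise ValueError(f"not an OpenPGP v4 fingerprint: {fpr!r}")
    return fpr


def owner_name(fpr: str, domain: str) -> str:
    """Fully qualified owner name <fpr>.pgpkeys.<domain>. from the mail."""
    name = f"{normalize_fingerprint(fpr)}.{PGPKEYS_LABEL}.{domain.rstrip('.')}."
    # DNS limits: no label longer than 63 octets, no name longer than 255.
    if any(len(label) > 63 for label in name.split(".")) or len(name) > 255:
        raise ValueError(f"owner name exceeds DNS length limits: {name}")
    return name


def lookup_name(fpr: str, email: str, mx_table: dict) -> str:
    """Where a client would query for a revocation: the MX exchange of the
    user ID's mail domain, with the fingerprint and "pgpkeys" prepended.
    mx_table is a constructed stand-in for a real MX query (domain -> host)."""
    domain = email.rsplit("@", 1)[1].lower()
    return owner_name(fpr, mx_table[domain])


def zone_records(primary_fpr: str, subkey_fprs: list, domain: str) -> list:
    """Zone fragment for the 'whole key revoked' case: one CERT record owned
    by the primary fingerprint and a CNAME from every subkey's name to it,
    so a lookup by any subkey fingerprint reaches the same revocation data.
    The CERT RDATA (type, key tag, algorithm, certificate) is a placeholder."""
    primary = owner_name(primary_fpr, domain)
    records = [f"{primary} IN CERT <type> <key-tag> <algorithm> <base64-cert>"]
    for sub in subkey_fprs:
        records.append(f"{owner_name(sub, domain)} IN CNAME {primary}")
    return records
```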