OpenPGP data in the CERT RR

David Shaw dshaw at
Tue Aug 6 00:07:03 CEST 2002

On Mon, Aug 05, 2002 at 05:46:40PM +0200, Simon Josefsson wrote:

> 2.1 OpenPGP Key ID Based RR Owner Name
>    The Key ID owner name format is usually used in a situation where a
>    party is serving keys on behalf of someone else.  This is usually a
>    big server containing lots of keys, used by many clients.  The owner
>    name should be the 4 byte OpenPGP Key ID prepended with "0x" (sans
>    quotes) appended to the system's zone.  An example:
> IN CERT PGP 0 0 <OpenPGP binary>

Are you sure this is a good idea?  4 byte key IDs can collide fairly
easily, especially with v3 keys.  I think that this should be the key
fingerprint, and then you can CNAME as many other names to this one
canonical name as you like:  IN CERT PGP 0 0 <OpenPGP binary>

email address:  IN CNAME

4 byte keyid: IN CNAME

8 byte keyid: IN CNAME


This should work for either self-published or keyserver sort of


   David Shaw  |  dshaw at  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
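To make the proposed layout concrete, here is an added example that is not from the thread or from GnuPG: it derives the v4 fingerprint and the long and short key IDs from a constructed key packet, then emits the zone records David describes, with the fingerprint as the canonical owner name and CNAMEs from the other names. The zone example.com, the mailbox label and the base64 CERT data are assumptions.

```python
import base64
import hashlib
import struct

def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def v4_pubkey_body(created: int, n: int, e: int) -> bytes:
    """Body of a v4 RSA public-key packet: version, creation time, algo 1, MPIs n and e."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)

def key_packet(body: bytes) -> bytes:
    """Old-format packet header for tag 6 with a 2-byte length (0x99), then the body."""
    return b"\x99" + struct.pack(">H", len(body)) + body

def fingerprint_v4(body: bytes) -> str:
    """v4 fingerprint is SHA-1 over exactly the bytes key_packet() produces (RFC 4880 12.2)."""
    return hashlib.sha1(key_packet(body)).hexdigest().upper()

def key_ids(fp: str) -> tuple[str, str]:
    """Long key ID = low 64 bits of the fingerprint, short ID = low 32 bits.
    With only 32 bits, a collision among roughly 2**16 keys is about even odds,
    which is the weakness raised above against short-ID owner names."""
    return fp[-16:], fp[-8:]

def cert_records(zone: str, body: bytes, mailbox: str) -> list[str]:
    """Zone lines in the layout proposed above: one CERT record owned by the
    fingerprint name, and CNAMEs from the other names to it.  CERT type
    mnemonic PGP, key tag 0, algorithm 0 (RFC 2538); the RDATA is base64.
    For brevity the record carries only the key packet; a real one would
    hold the whole exported public key."""
    fp = fingerprint_v4(body)
    long_id, short_id = key_ids(fp)
    canonical = f"0x{fp}.{zone}."
    rdata = base64.b64encode(key_packet(body)).decode("ascii")
    lines = [f"{canonical} IN CERT PGP 0 0 {rdata}"]
    for alias in (f"{mailbox}.{zone}.", f"0x{long_id}.{zone}.", f"0x{short_id}.{zone}."):
        lines.append(f"{alias} IN CNAME {canonical}")
    return lines

# Constructed sample key: tiny RSA values that only exercise the encoding, not a usable key.
SAMPLE_BODY = v4_pubkey_body(1028592000, 0xC0FFEE1234567891, 65537)

if __name__ == "__main__":
    print("\n".join(cert_records("example.com", SAMPLE_BODY, "simon")))
```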
