OpenPGP data in the CERT RR

Simon Josefsson jas at
Tue Aug 6 03:06:01 CEST 2002

David Shaw <dshaw at> writes:

> On Mon, Aug 05, 2002 at 05:46:40PM +0200, Simon Josefsson wrote:
>> 2.1 OpenPGP Key ID Based RR Owner Name
>>    The Key ID owner name format is usually used in a situation where a
>>    party is serving keys on behalf of someone else.  This is usually a
>>    big server containing lots of keys, used by many clients.  The owner
>>    name should be the 4 byte OpenPGP Key ID prepended with "0x" (sans
>>    quotes) appended to the system's zone.  An example:
>> IN CERT PGP 0 0 <OpenPGP binary>
> Are you sure this is a good idea?  4 byte key IDs can collide fairly
> easily, especially with v3 keys.  

I thought a little about that, even considered generating a lot of keys
until I got a KeyID of 0xDEADBEEF... :-)

> I think that this should be the key fingerprint, and then you can
> CNAME as many other names to this one canonical name as you like:
>  IN CERT PGP 0 0 <OpenPGP binary>
> email address:
> 4 byte keyid:
> 8 byte keyid:
> etc.
> This should work for either self-published or keyserver sort of
> access.

Yup.  Are there cases (worth writing specifications for) where you
only have a 4 or 8 byte key id?  I would prefer to not add even more
flexibility in the owner name guidelines if possible, as flexibility
might mean wasted round trips querying for stuff that isn't there.
Thanks for your comments.
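The layout David proposes (one canonical CERT record at the fingerprint owner name, with CNAMEs from the shorter key-ID names pointing at it) and the collision problem with 4-byte IDs that he raises, as an added example that is not part of this thread. The zone name keys.example.net, the fingerprints and the key bytes are constructed; key IDs are derived as for v4 keys (the low 64 / 32 bits of the fingerprint), and v3 fingerprints are rejected because their key IDs are not derivable from the fingerprint.

```python
import base64
import re
from collections import defaultdict

# Constructed zone name; not taken from the thread.
ZONE = "keys.example.net."

_V4_FPR = re.compile(r"^[0-9A-Fa-f]{40}$")


def key_ids(fingerprint_hex: str) -> tuple[str, str]:
    """Return (8-byte key ID, 4-byte key ID) for a v4 OpenPGP fingerprint.

    For v4 keys the key ID is the low-order 64 bits of the fingerprint and
    the short ID the low-order 32 bits.  v3 keys (32-hex MD5 fingerprints)
    derive their key ID from the RSA modulus instead, so they are refused.
    """
    if not _V4_FPR.match(fingerprint_hex):
        raise ValueError("expected a 40-hex-digit v4 fingerprint")
    fpr = fingerprint_hex.upper()
    return fpr[-16:], fpr[-8:]


def cert_records(zone: str, fingerprint_hex: str, key_bytes: bytes) -> list[str]:
    """Build the zone-file lines for one key.

    The CERT record lives at <fingerprint>.<zone>; the 4- and 8-byte key-ID
    names are CNAMEs to it, so a lookup by any name reaches one record.
    Presentation format: owner IN CERT PGP <key tag> <algorithm> <base64>;
    key tag and algorithm are 0 for PGP certificates (RFC 4398).
    """
    long_id, short_id = key_ids(fingerprint_hex)
    canonical = f"{fingerprint_hex.upper()}.{zone}"
    blob = base64.b64encode(key_bytes).decode("ascii")
    return [
        f"{canonical} IN CERT PGP 0 0 {blob}",
        f"0x{short_id}.{zone} IN CNAME {canonical}",
        f"0x{long_id}.{zone} IN CNAME {canonical}",
    ]


def short_id_collisions(fingerprints: list[str]) -> dict[str, list[str]]:
    """Group fingerprints that share a 4-byte key ID.

    Two keys with the same short ID would need the same 0x<id> owner name,
    which is why the short ID cannot be the canonical name on a large
    keyserver zone.
    """
    groups: dict[str, list[str]] = defaultdict(list)
    for fpr in fingerprints:
        _, short_id = key_ids(fpr)
        groups[short_id].append(fpr.upper())
    return {sid: fprs for sid, fprs in groups.items() if len(fprs) > 1}


# Constructed sample fingerprints: both end in DEADBEEF on purpose.
SAMPLE_FPRS = [
    "A0B1C2D3E4F5A6B7C8D9E0F1A2B3C4D5DEADBEEF",
    "11112222333344445555666677778888DEADBEEF",
]

if __name__ == "__main__":
    for line in cert_records(ZONE, SAMPLE_FPRS[0], b"constructed-openpgp-key-bytes"):
        print(line)
    print("colliding short IDs:", short_id_collisions(SAMPLE_FPRS))
```

Resolving by any of the three names costs at most one extra round trip (the CNAME), which addresses the "wasted round trips" worry only if the publisher actually provides the alias names; a client that guesses a name the zone never defined still pays for an NXDOMAIN.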

