OpenPGP data in the CERT RR

Simon Josefsson jas at
Tue Aug 6 03:24:01 CEST 2002

Simon Josefsson <jas at> writes:

>> I think that this should be the key fingerprint, and then you can
>> CNAME as many other names to this one canonical name as you like:
>>  IN CERT PGP 0 0 <OpenPGP binary>
>> email address:
>> 4 byte keyid:
>> 8 byte keyid:
>> etc.
>> This should work for either self-published or keyserver sort of
>> access.
> Yup.  Are there cases (worth writing specifications for) where you
> only have a 4 or 8 byte key id?  I would prefer to not add even more
> flexibility in the owner name guidelines if possible, as flexibility
> might mean wasted round trips querying for stuff that isn't there.
> Thanks for your comments.

Trying to be bit more clear: Changing the document to use the full
fingerprint all of the time is what I (now) think is the best idea.
Supporting 4 and 8 byte keyId's too seems like unnecessary work unless
it is really needed.

More information about the Gnupg-devel mailing list