OpenPGP data in the CERT RR

Simon Josefsson jas at
Wed Aug 7 13:58:02 CEST 2002

David Shaw <dshaw at> writes:

> I agree.  Especially since the zone is being served from a database,
> so the RRs are created on demand, this is the most flexible method.
> However, I don't think there should be any rule against using CNAMEs
> when appropriate.  For example, I control my own DNS - I could put
> something like this into my zone:
> As long as I did not have another '' RR, I could
> then point to the copy of my key on the keyserver without having to
> store it and keep it up to date myself.


It remains to solve the owner name for revocation data.  One possibility
is to define a new RR for it instead of tweaking the owner name.  I
think the path of least resistance is to use owner names and CERT now,
though.  I'll try to write text to see if it works.

