OpenPGP data in the CERT RR
Simon Josefsson
jas at extundo.com
Wed Aug 7 13:58:02 CEST 2002
David Shaw <dshaw at jabberwocky.com> writes:
> I agree. Especially since the zone is being served from a database,
> so the RRs are created on demand, this is the most flexible method.
>
> However, I don't think there should be any rule against using CNAMEs
> when appropriate. For example, I control my own DNS - I could put
> something like this into my zone:
>
> dshaw.jabberwocky.com. IN CNAME 0x7D92FD313AB6F3734CC59CA1DB698D7199242560.dnskeys.example.org.
>
> As long as I did not have another 'dshaw.jabberwocky.com' RR, I could
> then point to the copy of my key on the keyserver without having to
> store it and keep it up to date myself.

Agreed.

Remains to solve the owner name for revocation data. One possibility
is to define a new RR for it instead of tweaking the owner name. I
think the path of least resistance is to use owner names and CERT now
though. I'll try to write text to see if it works.