Automatic key verification / CERT in DNS / RFC4398

Wed Apr 5 11:50:27 CEST 2006

On Tue, 04 Apr 2006 14:24:18 +0200, Jeroen Massar said:

> This all though leads to a concern on the placing of the CERTS. Having a

That is not really a question.  The new DNS based certificate (well,
keyblock) capability of gpg is independent of the PKA system.  Keys
may still be stored on key servers (which are much better now than in
the past) or on web pages or wherever one wants.

Actually you can start deploying such a system right now if you do
it at the MTA and use just a key per domain.  This will allow better
verification of mails from potential phishing targets.



