looking up pgp keys

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Sep 9 15:56:52 CEST 2013


On 09/09/2013 02:12 AM, Phil Pennock wrote:

> Note that most recipient mail-servers will not also run PGP keyservers,
> If you want that approach to take off, I suggest figuring out a DNS
> scheme for asking for SRV records _mail-openpgp._tcp.example.org or
> somesuch.  The details don't matter.

If you do something like that, please don't make up your own scheme.
The current proposed draft for this kind of lookup is from Paul Wouters:

  https://tools.ietf.org/html/draft-wouters-dane-openpgp

If you are working on implementing this sort of scheme, and you evaluate
your threat models sensibly like Phil is suggesting, and you think you
see a problem with it, or a way it could be improved, you should mention
it to Paul.  I'm sure he would be happy to get feedback from
implementors for a revised draft if it is necessary.

Regards,

	--dkg


More information about the Gnupg-devel mailing list