looking up pgp keys
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Sep 9 15:56:52 CEST 2013
On 09/09/2013 02:12 AM, Phil Pennock wrote:

> Note that most recipient mail-servers will not also run PGP keyservers,
> If you want that approach to take off, I suggest figuring out a DNS
> scheme for asking for SRV records _mail-openpgp._tcp.example.org or
> somesuch. The details don't matter.

If you do something like that, please don't make up your own scheme.
The current proposed draft for this kind of lookup is from Paul Wouters:

https://tools.ietf.org/html/draft-wouters-dane-openpgp

If you are working on implementing this sort of scheme, and you evaluate
your threat models sensibly like Phil is suggesting, and you think you
see a problem with it, or a way it could be improved, you should mention
it to Paul. I'm sure he would be happy to get feedback from
implementors for a revised draft if it is necessary.

Regards,

--dkg