DANE (was: mailto with pgp fingerprint)
Nicolai Josuttis (enigmail)
enigmail at josuttis.de
Mon Jul 28 17:24:00 CEST 2014
Are you or is someone working on DANE support for GnuPG?
Am 22.07.2014 16:27, Werner Koch schrieb/wrote:
> On Tue, 22 Jul 2014 09:40, enigmail at josuttis.de said:
>> More and more we seem to have the problem of faked keys in the
>> key servers. This especially applies to "well known" keys such
>> as authors of magazines and famous tools.
> This is actually the problem of checking the validity of the key.
> Granted, gpg is not smart enough to figure out the best matching
> key but that is something which can be fixed.
> A more simple way of tackling this is to use PKA or DANE for key
> validation: For sending mail you already need DNS and thus it would
> be easy to retrieve the matching key from the DNS. The drawback is
> that this must be configured by the key owner and can't be changed
> by the sender.
Nicolai M. Josuttis
mailto:nico at enigmail.net
PGP fingerprint: CFEA 3B9F 9D8E B52D BD3F 7AF6 1C16 A70A F92D 28F5
More information about the Gnupg-users