DANE (was: mailto with pgp fingerprint)

Nicolai Josuttis (enigmail) enigmail at josuttis.de
Mon Jul 28 17:24:00 CEST 2014


Are you or is someone working on DANE support for GnuPG?
Any schedule?

Am 22.07.2014 16:27, Werner Koch schrieb/wrote:
> 
> On Tue, 22 Jul 2014 09:40, enigmail at josuttis.de said:
>> More and more we seem to have the problem of faked keys in the
>> key servers. This especially applies to "well known" keys such
>> as authors of magazines and famous tools.
> 
> This is actually the problem of checking the validity of the key. 
> Granted, gpg is not smart enough to figure out the best matching
> key but that is something which can be fixed.
> 
> A more simple way of tackling this is to use PKA or DANE for key 
> validation: For sending mail you already need DNS and thus it would
> be easy to retrieve the matching key from the DNS.  The drawback is
> that this must be configured by the key owner and can't be changed
> by the sender.
> 
> 
> Shalom-Salam,
> 
> Werner
> 

-- 
Nicolai M. Josuttis
www.josuttis.de
mailto:nico at enigmail.net
PGP fingerprint: CFEA 3B9F 9D8E B52D BD3F 7AF6 1C16 A70A F92D 28F5




More information about the Gnupg-users mailing list