DNS record for finding a key from an e-mail address
dougb at dougbarton.email
Mon Mar 14 21:38:49 CET 2016
The IETF is currently working on a specification for a DNS record
(secured by DNSSEC) that will allow users to find a PGP key from an
e-mail address. I'm interested in feedback on how y'all think that
In one version the receiving user would create a truncated version of
their key, using only the UID that is related to that e-mail address.
The sending user would retrieve that key, and the mail software would
rely on it to encrypt the mail to the receiving user. There is also some
discussion in regards to how or whether the software doing the DNS
lookup would, or would not, also utilize the sending user's key ring,
but let's keep it simple for now.
In another version the receiving user would place the full fingerprint
of their key in the DNS, and the sending user's software would use that
fingerprint to retrieve the key and compare that retrieved key to the
user's existing WOT, then inform the user of the results.
Of these alternatives, which do you see as most useful, and why? Or, do
you imagine a different approach?
More information about the Gnupg-users