DNS record for finding a key from an e-mail address

Mire, John jmire at lsuhsc.edu
Mon Mar 14 23:25:49 CET 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 3/14/2016 15:38, Doug Barton wrote:

[..snip..]
In one version the receiving user would create a truncated version of
their key, using only the UID that is related to that e-mail address.
The sending user would retrieve that key, and the mail software would
rely on it to encrypt the mail to the receiving user. There is also some
discussion in regards to how or whether the software doing the DNS
lookup would, or would not, also utilize the sending user's key ring,
but let's keep it simple for now.

In another version the receiving user would place the full fingerprint
of their key in the DNS, and the sending user's software would use that
fingerprint to retrieve the key and compare that retrieved key to the
user's existing WOT, then inform the user of the results.

Of these alternatives, which do you see as most useful, and why? Or, do
you imagine a different app   [..snip..]


There are other people that are more qualified to answer this, but
having been a sysadmin since mail route maps were the rule and NS was a
hosts.txt downloaded from your upstream connection...
I think there is a system in place that works pretty well; keys are not
'siloed' in one place but are distributed to every keyserver for the
public to see. It's the SKS OpenPGP keyservers. At last count, there are
4,215,893 keys that occupy approximately 7.7Gb of space.
https://sks-keyservers.net/

/john

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----



