DNS record for finding a key from an e-mail address
jmire at lsuhsc.edu
Mon Mar 14 23:25:49 CET 2016
On 3/14/2016 15:38, Doug Barton wrote:
> In one version the receiving user would create a truncated version of
> their key, using only the UID that is related to that e-mail address.
> The sending user would retrieve that key, and the mail software would
> rely on it to encrypt the mail to the receiving user. There is also some
> discussion in regards to how or whether the software doing the DNS
> lookup would, or would not, also utilize the sending user's key ring,
> but let's keep it simple for now.
>
> In another version the receiving user would place the full fingerprint
> of their key in the DNS, and the sending user's software would use that
> fingerprint to retrieve the key and compare that retrieved key to the
> user's existing WOT, then inform the user of the results.
>
> Of these alternatives, which do you see as most useful, and why? Or, do
> you imagine a different app [..snip..]

There are other people that are more qualified to answer this, but
having been a sysadmin since mail route maps were the rule and NS was a
hosts.txt downloaded from your upstream, I think there is a system in
place that works pretty well. Keys are not 'siloed' in one place but are
distributed to every keyserver for the public to see; it's the SKS
OpenPGP keyservers. At last count, there are 4,215,893 keys that occupy
approximately 7.7Gb of space.