Feedback requested: GnuPG lookup and retrieval of PGP certificates via DNS

Samir Nassar samir at samirnassar.com
Tue May 17 18:00:19 CEST 2016


I put together a short 1-page document of around 300 words to illuminate
the mechanics to a group of friends of the new key lookup via PKA and
DANE(1).

The document is available in PNG format at
https://beta.samirnassar.com/pgpdns/latest.png and please don't bookmark
the URI for long-term use. It is not a cool URI(2).

I used "Publishing Keys in DNS(3)" by Damien Goutte-Gattat as a reference.

I did not use the OPENPGPKEY RR type since it is not implemented in my
DNS server yet(4). I used TYPE37 for PKA and TYPE61 for DANE.

If you have comments, concerns, additions, detractions, denouncements,
or applause, the document and a sufficiently recent version of GnuPG
should help you find a way to share this with me. If you decide to reply
to the mailing list, keep in mind that it is a public list and to be
considerate of the others on this list.

[1] I know, I know: I am not using DNSSEC.
[2] Cool URIs don't change: https://www.w3.org/Provider/Style/URI.html
[3] Publishing Keys in DNS: https://incenp.org/notes/2015/keys-in-dns.html
[4] Knot DNS features:
https://www.knot-dns.cz/docs/2.x/singlehtml/index.html#knot-dns-features

-- 
Samir Nassar
web:	samirnassar.com
email:	samir at samirnassar.com
PGP:	pgp.samirnassar.com
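
The post mentions publishing under TYPE61 because the DNS server lacks the OPENPGPKEY mnemonic. As an added example (not part of the original message or the linked document), this sketch builds such a record in RFC 3597 generic syntax, using the owner-name rule from RFC 7929; the address, TTL and key bytes are constructed placeholders.

```python
import hashlib

# Constructed placeholder bytes standing in for a binary (non-armored)
# OpenPGP public key export; this is NOT a real key.
CONSTRUCTED_KEY = bytes.fromhex("98330001")


def openpgpkey_owner(email: str) -> str:
    """Owner name per RFC 7929: SHA-256 of the local-part, truncated to
    28 octets, hex-encoded, followed by the _openpgpkey label."""
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("expected local-part@domain")
    # The local-part is hashed as written; any case folding is the caller's choice.
    label = hashlib.sha256(local.encode("utf-8")).digest()[:28].hex()
    return f"{label}._openpgpkey.{domain.lower().rstrip('.')}."


def generic_rr(owner: str, rrtype: int, rdata: bytes, ttl: int = 3600) -> str:
    """Render a record in RFC 3597 unknown-type syntax: TYPEnn \\# len hex."""
    if not 0 < rrtype <= 0xFFFF:
        raise ValueError("RR type out of range")
    if len(rdata) > 0xFFFF:
        raise ValueError("RDATA exceeds 65535 octets")
    return f"{owner} {ttl} IN TYPE{rrtype} \\# {len(rdata)} {rdata.hex()}"


def dane_record(email: str, key: bytes, ttl: int = 3600) -> str:
    """TYPE61 (OPENPGPKEY) record carrying the raw key as RDATA."""
    # Every OpenPGP packet header has bit 7 set; ASCII armor starts with '-'
    # (0x2d), so this rejects the common mistake of publishing armored text.
    if not key or not key[0] & 0x80:
        raise ValueError("not binary OpenPGP data (ASCII-armored input?)")
    return generic_rr(openpgpkey_owner(email), 61, key, ttl)


if __name__ == "__main__":
    print(dane_record("alice@example.org", CONSTRUCTED_KEY))
```

Without DNSSEC, as footnote 1 of the post concedes, a resolver has no way to authenticate the returned record, so the key's fingerprint still has to be checked through another channel.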
