Feedback requested: GnuPG lookup and retrieval of PGP certificates via DNS

Samir Nassar samir at
Tue May 17 18:00:19 CEST 2016

I put together a short 1-page document of around 300 words to illuminate
the mechanics to a group of friends of the new key lookup via PKA and

The document is available in PNG format at and please don't bookmark
the URI for long-term use. It is not a cool URI(2).

I used "Publishing Keys in DNS(3)" by Damien Goutte-Gattat as a reference.

I did not use the OPENPGPKEY RR type since it is not implemented in my
DNS server yet(4). I used TYPE37 for PKA and TYPE61 for DANE.

If you have comments, concerns, additions, detractions, denouncements,
or applause, the document and a sufficiently recent version of GnuPG
should help you find a way to share this with me. If you decide to reply
to the mailing list, keep in mind that it is a public list and to be
considerate of the others on this list.

[1] I know, I know: I am not using DNSSEC.
[2] Cool URIs don't change:
[3] Publishing Keys in DNS:
[4] Knot DNS features:

Samir Nassar
email:	samir at
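The message above mentions publishing under TYPE37 and TYPE61 because the DNS server lacks the OPENPGPKEY mnemonic. The following is an added example, not part of the original message or the author's document, showing how such records can be written in generic unknown-type syntax. It assumes RFC 3597 for the `\#` form, RFC 7929 for the OPENPGPKEY (type 61) owner name, and RFC 4398 for the CERT (type 37) RDATA layout; the addresses, owner names and key bytes are constructed placeholders.

```python
import hashlib
import struct

# Constructed placeholder bytes, NOT a real OpenPGP key. In practice this is
# the binary (non-armored) export of the public key.
SAMPLE_KEY = bytes.fromhex("99010d04") + b"constructed-placeholder-key"

def rfc3597(owner, rrtype, rdata, ttl=3600):
    """Render a record in RFC 3597 generic syntax: TYPEnn \\# <len> <hex>."""
    return f"{owner} {ttl} IN TYPE{rrtype} \\# {len(rdata)} {rdata.hex()}"

def openpgpkey_owner(email):
    """RFC 7929 owner name: SHA2-256 of the local part, truncated to 28 octets."""
    local, _, domain = email.rpartition("@")
    if not local or not domain:
        raise ValueError("expected local-part@domain")
    label = hashlib.sha256(local.encode("utf-8")).hexdigest()[:56]
    return f"{label}._openpgpkey.{domain.rstrip('.')}."

def cert_pgp_rdata(key):
    """RFC 4398 CERT RDATA: type=3 (PGP), key tag=0, algorithm=0, then the key."""
    return struct.pack("!HHB", 3, 0, 0) + key

def parse_rfc3597(line):
    """Parse a line produced by rfc3597() and verify the declared length."""
    owner, _ttl, klass, rrtype, marker, length, hexdata = line.split()
    if klass != "IN" or marker != "\\#" or not rrtype.startswith("TYPE"):
        raise ValueError("not an RFC 3597 generic record")
    rdata = bytes.fromhex(hexdata)
    if len(rdata) != int(length):
        raise ValueError("RDATA length does not match declared length")
    return owner, int(rrtype[4:]), rdata

if __name__ == "__main__":
    # TYPE61: the raw key is the whole RDATA.
    print(rfc3597(openpgpkey_owner("alice@example.org"), 61, SAMPLE_KEY))
    # TYPE37: the owner name here is an assumed example, not from the message.
    print(rfc3597("alice.example.org.", 37, cert_pgp_rdata(SAMPLE_KEY)))
```

The declared length check in `parse_rfc3597` catches a truncated or hand-edited hex string before the zone is loaded. Without DNSSEC, a resolver cannot tell these records apart from forged ones, so a key fetched this way still needs its fingerprint verified by other means.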

