PKA records
Werner Koch
wk at gnupg.org
Wed Nov 30 10:54:09 CET 2016
On Wed, 30 Nov 2016 07:16, gpg at rmf.io said:
> the new one that I exported only includes the key fingerprint, so it
> obviously cannot be used for retrieval alone. What am I missing?
Use
gpg --export-options export-pka --export USERID
to create resource records for use in zone files. The format of the PKA
record was changed from a TXT record to a CERT record (RFC-4398, IPGP
subtype). The above command only includes the fingerprint, but you can
also add an URL to it, albeit without gpg support to _create_ it.
gpg uses the fingerprint from the CERT record to lookup the key from a
keyserver or from the URL, if given.
I would suggest not to use PKA or DANE but settle for the Web Key
Directory; see recent posts at https://gnupg.org/blog/
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: </pipermail/attachments/20161130/fa2ceb85/attachment.sig>
More information about the Gnupg-users
mailing list