Request: --export-options export-dane-modern

raf gnupg at raf.org
Wed Sep 1 08:20:05 CEST 2021


Hi,

Is there any chance that a new export option could be
added (alongside or instead of export-dane) to output
"modern" Bind9 zonefile syntax (i.e. "OPENPGPKEY" rather
than "TYPE61 \# 2193", and base64 rather than hexadecimal)?

I suppose it's not important. It's just prettier.

But since DNS query tools like host and dig output
OPENPGPKEY records in base64, it would make it easier
to compare their output against gpg's output.

The reason I'm asking is that DNSSEC is so easy to
implement these days (at least with the new debian-11
which has bind-9.16+), and I've just written a DANE
management tool that makes DANE easy to implement.
So far it only handles TLSA and SSHFP. I'd like to add
support for OPENPGPKEY (i.e. calling gpg to produce the
record, and calling host to check that it's published).
I could (and probably will) get it to transform gpg's
output itself, but I thought I'd ask.

cheers,
raf
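
The transformation the post describes (a generic `TYPE61 \# <len>` hexadecimal record rewritten as `OPENPGPKEY` with base64), as an added example that is not part of the original message and is not GnuPG code. It assumes RFC 3597 generic record syntax with an optional parenthesised multi-line block; `to_openpgpkey` and the sample record are constructed for illustration.

```python
import base64
import re

# Constructed sample in the generic "TYPE61 \# <len>" hex form the post
# mentions. Owner label and 12 RDATA bytes are made up, not a real key.
SAMPLE = r"""$ORIGIN _openpgpkey.example.org.
; constructed sample, not a real key
0123456789abcdef0123456789abcdef0123456789abcdef01234567 TYPE61 \# 12 (
        99010d0461
        2f1e3c0108
        00aa
        )
"""

# owner [ttl] [IN] TYPE61 \# <length> <hex, possibly opening a "(" block>
GENERIC = re.compile(r"^(\S+\s+(?:\d+\s+)?(?:IN\s+)?)TYPE61\s+\\#\s+(\d+)\s*(.*)$")

def to_openpgpkey(zone_text, width=64):
    """Rewrite TYPE61 generic records as OPENPGPKEY records with base64 RDATA."""
    lines, out, i = zone_text.splitlines(), [], 0
    while i < len(lines):
        m = GENERIC.match(lines[i])
        if not m:
            out.append(lines[i])  # $ORIGIN, comments and other records pass through
            i += 1
            continue
        prefix, length = m.group(1), int(m.group(2))
        chunk = m.group(3).split(";")[0]  # drop any trailing zone-file comment
        open_block = "(" in chunk and ")" not in chunk
        while open_block:  # gather continuation lines up to the closing ")"
            i += 1
            if i >= len(lines):
                raise ValueError("unterminated '(' for " + prefix.split()[0])
            part = lines[i].split(";")[0]
            chunk += " " + part
            open_block = ")" not in part
        rdata = bytes.fromhex(re.sub(r"[\s()]", "", chunk))  # ValueError on bad hex
        if len(rdata) != length:  # declared length must match the decoded RDATA
            raise ValueError(f"declared {length} octets, decoded {len(rdata)}")
        b64 = base64.b64encode(rdata).decode("ascii")
        body = "\n".join("\t" + b64[j:j + width] for j in range(0, len(b64), width))
        out.append(f"{prefix}OPENPGPKEY (\n{body}\n\t)")
        i += 1
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(to_openpgpkey(SAMPLE), end="")
```

When comparing the result against `host` or `dig` output, strip whitespace from both base64 strings first, since the tools and this function wrap the data differently.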



