On Tue, 16 Jul 2013 00:32, paul(_at_)nohats(_dot_)ca said:
> I've submitted a draft to associate a PGP public key with an email address
> using DANE.

Some quick notes:

Basically this is the same as the existing CERT RRs which have been supported by
GnuPG for many years. The twist here is the Base32 encoding, which
avoids a few problems. I might have missed that but they are not
mentioned in the I-D.

What I miss in this I-D are indirections and the use of URLs to download
a complete key. Putting a 100k keyring into the DNS does not seem to be
optimal. Granted, this is the exception but provisions for this should
be defined.

I consider wildcard mail addresses a bad idea. If you do not want
end-to-end encryption, STARTTLS is a much easier measure (we are not
relaying anymore, right?)

4.6. Subject: line encryption

There is a well defined way to do this. The special case for the
Subject is not needed. Wrap the mail into a message/rfc822 container
which has innocent headers. In any case I doubt that this is in the
scope of the I-D.

Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
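
The message/rfc822 wrapping mentioned in the message above, sketched as an added example that is not part of the original post or of any draft. It uses Python's standard `email` package; the placeholder Subject, the choice of routing headers and the sample message are assumptions, and the OpenPGP encryption of the returned payload is left out.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

PLACEHOLDER_SUBJECT = "Encrypted message"   # assumed innocuous value
ROUTING_HEADERS = ("From", "To")            # assumed: headers the transport still needs


def wrap(original: EmailMessage):
    """Return (outer, payload): outer carries only innocent headers,
    payload is the message/rfc822 entity to hand to OpenPGP encryption."""
    container = EmailMessage()
    container.set_content(original)          # yields Content-Type: message/rfc822
    outer = EmailMessage()
    for name in ROUTING_HEADERS:
        if original[name] is not None:
            outer[name] = str(original[name])
    outer["Subject"] = PLACEHOLDER_SUBJECT   # real Subject stays inside the payload
    return outer, container.as_bytes()


def unwrap(payload: bytes) -> EmailMessage:
    """After decryption: parse the container and return the real message."""
    container = message_from_bytes(payload, policy=policy.default)
    if container.get_content_type() != "message/rfc822":
        raise ValueError("decrypted payload is not a message/rfc822 container")
    return container.get_content()


def sample_message() -> EmailMessage:
    """Constructed sample input for the demonstration."""
    msg = EmailMessage()
    msg["From"] = "alice@example.org"
    msg["To"] = "bob@example.org"
    msg["Subject"] = "Q3 acquisition terms"
    msg.set_content("Terms attached.\n")
    return msg


if __name__ == "__main__":
    outer, payload = wrap(sample_message())
    print(outer["Subject"], "|", unwrap(payload)["Subject"])
```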