Here is a first rough idea.
The DNS admin provides a set of public keys as new DNS records (along the
lines of Paul Vixie's proposed Mail From MX records, so no big
implementation hassle for DNS) along with a key index for each key (just a
tag distinguishing it from all the other keys for the same domain).
DNS has a rarely used Options field whereby you can insert various
information. We were going to use it for DNS-based content delivery
interworking (CDI)..though that WG is all but dead. We had used it to pass
the source IP of the originating resolver so that the destination CDN could
best geo-position the content. Such a field might come into play here and
is fully interoperable with all DNS servers..it's simply igntored.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg