Michael Helm <helm(_at_)fionn(_dot_)es(_dot_)net> writes:
One solution would be to put PGP Keys (Certificates) into DNS. Then
makes the linkage look like a mandatory requirement.
No, it's not a requirement. The phrase "one solution" means "this is
one approach" implying there are others.
Am I right that anything that accomplishes this is ok
Well, yes, but I would still like to see a distributed solution come
sooner rather than later.
What kinds of uses would cause someone to look up keys w/o knowing
the user id, or other handle on the key, first?
Well, I was recently looking for a friend's key because I knew he
changed jobs and his old email address didn't work. So I searched on
last name to try to find him. However, I probably could have used
other search methods to do that as well.
Most of the time mailcrypt will just fetch the key using the full
email address.
Perhaps searches should be limited to full-word, lhs queries (so you
can't query on 'mit.edu' but you could query on 'warlord', 'derek',
and 'atkins'). I will note that using DNS loses the ability to do
partial searches; you could only 'search' by full email.
One of the benefits we can get by leveraging DNS is that key service
can be distributed.
Let's not worry about distributability for the moment.
True, distributability is a separable problem.
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord(_at_)MIT(_dot_)EDU PGP key available