You can publish PGP keys in DNS right now if you like, see RFC 2538.
Since not every PGP user is trusted with maintaining the DNS
information for the zone she lives in, I've been thinking about
PGP key "hosting" in DNS. E.g., it would be possible to publish PGP
keys in DNS on behalf of others as "simon.josefsson.org.dnskeys.pgp.net".
One problem with publishing my PGP key under simon.josefsson.org is
that I already store my S/MIME cert there... To save bandwidth, it
has been suggested that you could use e.g. "simon._pgp.josefsson.org"
(the dummy _pgp domain is inserted where the `@' is).
Derek Atkins <warlord(_at_)mit(_dot_)edu> writes:
Who said it was necessary? I was only suggesting it as one approach.
One of the benefits we can get by leveraging DNS is that key service
can be distributed.
Michael Helm <helm(_at_)fionn(_dot_)es(_dot_)net> writes:
Derek Atkins writes:
One solution would be to put PGP keys (certificates) into DNS. Then
you could easily look up a key based on the userID, but you have to
already KNOW the userID. Unfortunately this doesn't help you look up
a key by KeyID.
Why is it necessary to put certs into DNS in order to accomplish
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord(_at_)MIT(_dot_)EDU PGP key available
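The RFC 2538 CERT record that Simon points to, and the three owner-name schemes the thread mentions (simon.josefsson.org, simon._pgp.josefsson.org, and hosting under dnskeys.pgp.net), worked through as an added example. This is not code from any participant in the thread. The key and certificate bytes are constructed placeholders, the key tag/algorithm values for the X.509 record are made up, and the escaping of a dotted local part is my assumption (the thread does not discuss it). The RRset comparison at the end is my reading of the bandwidth remark: a CERT query for simon.josefsson.org returns the S/MIME certificate alongside the PGP key, while the `_pgp` name returns only the PGP record.

```python
"""RFC 2538 CERT RR handling for PGP keys (added example, not from the thread)."""
import base64
import struct

CERT_RRTYPE = 37        # RR type code assigned to CERT by RFC 2538
CERT_TYPE_PKIX = 1      # X.509 certificate, e.g. an S/MIME cert
CERT_TYPE_PGP = 3       # OpenPGP key/certificate

# Constructed sample blobs. A real record would carry an exported OpenPGP
# public key and a DER-encoded X.509 certificate respectively.
SAMPLE_PGP_KEY = b"\x99\x01\x0d\x04" + b"\x00" * 28
SAMPLE_X509_CERT = b"\x30\x82\x03\x14" + b"\xff" * 28


def pgp_owner_name(email, scheme="direct", host_zone="dnskeys.pgp.net"):
    """Derive the DNS owner name under which a user's PGP CERT RRset lives.

    "direct": local@domain -> local.domain (the '@' becomes a label break)
    "_pgp":   local._pgp.domain, so PGP records get their own RRset
    "hosted": local.domain.<host_zone>, published on the user's behalf
    A '.' inside the local part is escaped as in RFC 1035 master files so it
    stays a single label (assumption; not discussed in the thread).
    """
    local, domain = email.rsplit("@", 1)
    label = local.replace(".", r"\.")
    if scheme == "direct":
        return f"{label}.{domain}."
    if scheme == "_pgp":
        return f"{label}._pgp.{domain}."
    if scheme == "hosted":
        return f"{label}.{domain}.{host_zone}."
    raise ValueError(f"unknown scheme {scheme!r}")


def build_cert_rdata(cert_type, cert, key_tag=0, algorithm=0):
    """Wire-format RDATA: type(16) | key tag(16) | algorithm(8) | certificate.
    For PGP the key tag and algorithm fields are unused and stay 0."""
    return struct.pack("!HHB", cert_type, key_tag, algorithm) + cert


def parse_cert_rdata(rdata):
    if len(rdata) < 5:
        raise ValueError("CERT RDATA shorter than its 5-byte fixed header")
    cert_type, key_tag, algorithm = struct.unpack("!HHB", rdata[:5])
    return cert_type, key_tag, algorithm, rdata[5:]


def to_master_line(owner, ttl, rdata):
    """Presentation form: <owner> <ttl> IN CERT <type> <key tag> <alg> <base64>."""
    cert_type, key_tag, algorithm, cert = parse_cert_rdata(rdata)
    b64 = base64.b64encode(cert).decode("ascii")
    return f"{owner} {ttl} IN CERT {cert_type} {key_tag} {algorithm} {b64}"


def from_master_line(line):
    """Inverse of to_master_line; returns (owner, ttl, wire rdata)."""
    owner, ttl, cls, rtype, cert_type, key_tag, algorithm, b64 = line.split()
    if cls != "IN" or rtype != "CERT":
        raise ValueError("not an IN CERT record")
    cert = base64.b64decode(b64)
    return owner, int(ttl), build_cert_rdata(int(cert_type), cert,
                                             int(key_tag), int(algorithm))


def pgp_keys_in_rrset(rrset):
    """Keep only the PGP entries of the CERT RRset returned for one owner name."""
    keys = []
    for rdata in rrset:
        cert_type, _tag, _alg, cert = parse_cert_rdata(rdata)
        if cert_type == CERT_TYPE_PGP:
            keys.append(cert)
    return keys


def rrset_wire_size(rrset):
    """Total RDATA bytes a resolver must carry for this RRset."""
    return sum(len(r) for r in rrset)


def shared_rrset():
    """Both certs under simon.josefsson.org (key tag/algorithm values constructed)."""
    return [build_cert_rdata(CERT_TYPE_PKIX, SAMPLE_X509_CERT, key_tag=4660, algorithm=1),
            build_cert_rdata(CERT_TYPE_PGP, SAMPLE_PGP_KEY)]


def pgp_only_rrset():
    """Just the PGP key, as it would sit under simon._pgp.josefsson.org."""
    return [build_cert_rdata(CERT_TYPE_PGP, SAMPLE_PGP_KEY)]


if __name__ == "__main__":
    owner = pgp_owner_name("simon@josefsson.org", "_pgp")
    for rd in pgp_only_rrset():
        print(to_master_line(owner, 3600, rd))
    print("shared RRset bytes:", rrset_wire_size(shared_rrset()),
          "pgp-only RRset bytes:", rrset_wire_size(pgp_only_rrset()))
```

Note that every scheme derives the owner name from the e-mail address, which is exactly Derek's point: the record is reachable by userID, and nothing here lets a resolver go from a KeyID to a name to query.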