ietf-openpgp
[Top] [All Lists]

Re: Please review OpenPGP part of RFC 2538bis

2004-11-07 06:13:44

* Simon Josefsson:

Is this correct?  Would it be useful to mention other kind of OpenPGP
data packets directly, as well?

Why do you want to duplicate this information?

Further, if someone has additional thoughts on he document, now would
be a good time to discuss them.

$ gpg --export "68FD549F" | wc -c
88127

Some OpenPGP certificates may have to be split across multiple
resource records.  Maybe DNS isn't such a great place to store them
after all. 8-/

In the URI type, it would be nice if some hashes are included.  As a
result, the protection offered by DNSSEC one day would extend to the
referenced document.

NAPTR records offer an interesting perspective for mapping domains
(and email address) to certificate references.  Such records could
look like this one:

  _openpgp.example.org IN NAPTR 10 10 "u" "PGP+D2U"
    "!^(.*)@example.org$!http://ca.example.org/lookup.cgi?user=\\1!";

(Some fields are probably completely wrong, I'm not well-versed in
NAPTR records yet.)


<Prev in Thread] Current Thread [Next in Thread>