A few quick comments follow.
1.
> Currently deployed key servers have no method of validating any
> uploaded OpenPGP public key. The key servers simply store and
> publish. Anyone can add public keys with any name or email address
> and anyone can add signatures to any other public key using forged
> malicious identities. For example, bogus keys of prominent
> dissidents have been uploaded to these well-known key servers in
> attempts to capture encrypted email. Furthermore, once uploaded,
> public keys cannot be deleted. People who did not pre-sign a key
> revocation and who have lost access to their private key can never
> remove their public key from these key servers.
This ignores prior work in this area. https://keyserver.pgp.com is known
to solve exactly the problems you described for many years now.
2. Given that the size of the record is very important when stored in
DNS records, it's odd to see that ECC OpenPGP keys are not even
mentioned. In fact, given that we are talking about a new format here,
one can see many benefits of standardizing *only* on ECC keys or at
least preferring/encouraging ECC keys.
I think you raise a valid concern that keys placed in DNS records should
be "cleaned". A 4096-bit RSA key with 10 subkeys and 3rd-party signatures
seems excessive.
I planned to introduce the compact key format
http://tools.ietf.org/html/draft-jivsov-ecc-compact soon to OpenPGP.
This might be a mandatory tweak to further minimize the size for ECC
keys when stored in DNS records.
3. I suspect that "4.6. Subject: line encryption" is prone to bugs for
complex messages with multiple MIME parts. It probably needs more work
to be acceptable.
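The "cleaning" raised in point 2, as an added example that is not part of this thread or of the draft: a small Python program that parses an OpenPGP transferable public key (RFC 4880 packet framing, old and new header formats), drops every certification whose Issuer subpacket is not the primary key's own key ID, and reports how many bytes the trimmed key would occupy as OPENPGPKEY RDATA. The sample key is constructed inline with placeholder key material and signatures that carry no cryptographic value; only the packet framing and Issuer subpackets are real. The owner-name rule (`<sha256(local-part) truncated to 28 octets>._openpgpkey.<domain>`) is the one from the later published RFC 7929, assumed here because draft-00's exact rule is not quoted on this page.

```python
"""Trim an OpenPGP public key for DNS publication (added example, not the draft's code)."""
import base64
import hashlib
import struct

PUBKEY, SIG, USERID, SUBKEY = 6, 2, 13, 14
SUBPKT_ISSUER = 16


def parse_packets(data):
    """Return a list of (tag, body) from an RFC 4880 packet stream."""
    out, i = [], 0
    while i < len(data):
        c = data[i]; i += 1
        if not c & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if c & 0x40:                                   # new-format header
            tag, l = c & 0x3F, data[i]; i += 1
            if l < 192:
                length = l
            elif l < 224:
                length = ((l - 192) << 8) + data[i] + 192; i += 1
            elif l == 255:
                length = struct.unpack(">I", data[i:i + 4])[0]; i += 4
            else:
                raise ValueError("partial body lengths not supported")
        else:                                          # old-format header
            tag, lt = (c >> 2) & 0x0F, c & 3
            if lt == 3:
                raise ValueError("indeterminate length not supported")
            n = (1, 2, 4)[lt]
            length = int.from_bytes(data[i:i + n], "big"); i += n
        out.append((tag, data[i:i + length])); i += length
    return out


def encode_packet(tag, body):
    """Serialise a packet with a new-format header (1-, 2- or 5-octet length)."""
    n = len(body)
    if n < 192:
        return bytes([0xC0 | tag, n]) + body
    if n < 8384:
        n -= 192
        return bytes([0xC0 | tag, (n >> 8) + 192, n & 0xFF]) + body
    return bytes([0xC0 | tag, 255]) + struct.pack(">I", n) + body


def key_id(key_body):
    """v4 key ID: low 64 bits of SHA-1 over 0x99 || 2-octet length || key body."""
    fp = hashlib.sha1(b"\x99" + struct.pack(">H", len(key_body)) + key_body).digest()
    return fp[-8:]


def sig_issuer(sig_body):
    """Issuer key ID from a v4 signature's subpacket areas, or None if absent."""
    if sig_body[0] != 4:
        return None
    pos = 4
    for _ in range(2):                                 # hashed, then unhashed area
        count = struct.unpack(">H", sig_body[pos:pos + 2])[0]; pos += 2
        end = pos + count
        while pos < end:
            l = sig_body[pos]; pos += 1
            if l < 192:
                ln = l
            elif l < 255:
                ln = ((l - 192) << 8) + sig_body[pos] + 192; pos += 1
            else:
                ln = struct.unpack(">I", sig_body[pos:pos + 4])[0]; pos += 4
            if sig_body[pos] & 0x7F == SUBPKT_ISSUER:
                return sig_body[pos + 1:pos + ln]
            pos += ln
    return None


def clean_key(data):
    """Keep the primary key, user IDs, subkeys and self-signatures; drop the rest.
    A signature with no Issuer subpacket cannot be attributed, so it is dropped too."""
    pkts = parse_packets(data)
    if not pkts or pkts[0][0] != PUBKEY:
        raise ValueError("stream must start with a primary public key packet")
    primary = key_id(pkts[0][1])
    kept = [(t, b) for t, b in pkts if not (t == SIG and sig_issuer(b) != primary)]
    return b"".join(encode_packet(t, b) for t, b in kept)


def openpgpkey_record(email, key_bytes):
    """Presentation-format record; owner name per RFC 7929 (assumed, see lead-in)."""
    local, domain = email.rsplit("@", 1)
    label = hashlib.sha256(local.encode()).hexdigest()[:56]   # 28 octets, hex
    return f"{label}._openpgpkey.{domain}. IN OPENPGPKEY {base64.b64encode(key_bytes).decode()}"


# --- constructed sample key: placeholder material, no real signatures ---
def _pubkey_body(alg, material):
    return b"\x04" + struct.pack(">I", 1373900000) + bytes([alg]) + struct.pack(">H", len(material) * 8) + material


def _sig_body(issuer, sigtype=0x13, mpi_len=64):
    issuer_sp = bytes([9, SUBPKT_ISSUER]) + issuer            # 1-octet length covers type + 8 octets
    hashed = struct.pack(">H", len(issuer_sp)) + issuer_sp
    return bytes([4, sigtype, 22, 8]) + hashed + b"\x00\x00" + b"\xab\xcd" + struct.pack(">H", mpi_len * 8) + b"\x5a" * mpi_len


def build_sample_key():
    primary = _pubkey_body(22, b"\x01" * 32)                  # EdDSA-sized placeholder
    certifier = _pubkey_body(1, b"\x02" * 256)                # a stranger's RSA-sized key
    pid, cid = key_id(primary), key_id(certifier)
    pkts = [(PUBKEY, primary), (USERID, b"Alice <alice@example.com>"),
            (SIG, _sig_body(pid)),                            # self-certification: kept
            (SIG, _sig_body(cid, mpi_len=256)),               # third-party certification: dropped
            (SUBKEY, _pubkey_body(18, b"\x03" * 32)),
            (SIG, _sig_body(pid, sigtype=0x18))]              # subkey binding: kept
    return b"".join(encode_packet(t, b) for t, b in pkts)


if __name__ == "__main__":
    raw = build_sample_key()
    trimmed = clean_key(raw)
    print(f"raw {len(raw)} bytes -> trimmed {len(trimmed)} bytes of OPENPGPKEY RDATA")
    print(openpgpkey_record("alice@example.com", trimmed))
```

The trimmed stream is what a zone operator would put in the record; with real keys the same pass also exposes how much of a 4096-bit RSA key with many subkeys is certification baggage rather than key material.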
On 07/15/2013 03:32 PM, Paul Wouters wrote:
> I've submitted a draft to associate a PGP public key with an email
> address using DANE.
> Paul
> A new version of I-D, draft-wouters-dane-openpgp-00.txt
> has been successfully submitted by Paul Wouters and posted to the
> IETF repository.
> Filename: draft-wouters-dane-openpgp
> Revision: 00
> Title: Using DANE to Associate OpenPGP public keys with email
> addresses
> Creation date: 2013-07-15
> Group: Individual Submission
> Number of pages: 11
> URL:
> http://www.ietf.org/internet-drafts/draft-wouters-dane-openpgp-00.txt
> Status: http://datatracker.ietf.org/doc/draft-wouters-dane-openpgp
> Htmlized: http://tools.ietf.org/html/draft-wouters-dane-openpgp-00
> Abstract:
> OpenPGP is a message format for email (and file) encryption, that
> lacks a standardized secure lookup mechanism to obtain OpenPGP public
> keys. This document specifies a standardized method for securely
> publishing and locating OpenPGP public keys in DNS using a new
> OPENPGPKEY DNS Resource Record.
> The IETF Secretariat
> ...
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp