
Re: [openpgp] Fwd: New Version Notification for draft-wouters-dane-openpgp-00.txt (fwd)

2013-07-18 13:37:37
On 07/15/2013 07:01 PM, Paul Wouters wrote:
On Mon, 15 Jul 2013, Andrey Jivsov wrote:

A few quick comments follow.

Thanks for the comments.

This ignores prior work in this area. https://keyserver.pgp.com is
known to solve exactly the problems you described for many years now.

Ahh, yet another different webgui? I see the howto also states "You can
only remove your own key and the email address must match exactly". I
had one of my email addresses yanked two years ago with zero notice. I
would not have been able to remove my key. But even so, many (most?)
people still seem to use other more well known, non-commercial,
keyservers, such as pgp.mit.edu and pgp.surfnet.nl. Even if I use very
secure key servers, if people look for my key on crappy old key servers,
the risk remains.

Yes, it's a valid use case. The https://keyserver.pgp.com server will periodically send renewal requests to e-mails on the key, and if the owner doesn't reply the key will be deleted.


2. Given that the size of the record is very important when stored in
DNS records, it's odd to see that ECC OpenPGP keys are not even
mentioned.

I specifically did not want to limit the record to any particular type.
I just wanted it to support RFC OpenPGP compliant keys. Some people
don't want to use ECC (for legal or other reasons). Others don't
want to use ElGamal, DSA, RSA, etc. There is no reason for this draft
to distinguish and force people to pick a specific key type.

I agree that support for all keys is one way to do this, but this intention is unclear from the draft-wouters-dane-openpgp-00.txt: if one mentions RFC 4880 but not RFC 6637, it can be interpreted as the exclusion of ECC keys.

...
_______________________________________________
openpgp mailing list
openpgp@ietf.org
https://www.ietf.org/mailman/listinfo/openpgp
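As an added illustration of the record-size point raised in the thread (this is not code from the thread, the draft, or any OpenPGP implementation), the script below serializes a v4 public-key packet as RFC 4880 defines it and compares an RSA key with an RFC 6637 ECDSA P-256 key. The key material is constructed filler of the right length; only the resulting sizes are meaningful.

```python
# Added example: size of an RFC 4880 v4 public-key packet for RSA vs ECC.
# Key material is constructed filler (all 0xFF bytes); only lengths matter.
import struct

def mpi(value: bytes) -> bytes:
    """Encode an RFC 4880 MPI: 2-octet bit length, then the big-endian integer."""
    value = value.lstrip(b"\x00") or b"\x00"
    bits = (len(value) - 1) * 8 + value[0].bit_length()
    return struct.pack(">H", bits) + value

def new_packet_header(tag: int, body_len: int) -> bytes:
    """New-format packet header (RFC 4880 section 4.2.2) for a body of body_len octets."""
    first = 0xC0 | tag
    if body_len < 192:
        return bytes([first, body_len])
    if body_len < 8384:
        body_len -= 192
        return bytes([first, (body_len >> 8) + 192, body_len & 0xFF])
    return bytes([first, 0xFF]) + struct.pack(">I", body_len)

def public_key_packet(algo: int, key_material: bytes, created: int = 0) -> bytes:
    """Tag 6 (public-key) packet, version 4: version, creation time, algorithm id, material."""
    body = b"\x04" + struct.pack(">I", created) + bytes([algo]) + key_material
    return new_packet_header(6, len(body)) + body

def rsa_public_key(n_bits: int, e: int = 65537) -> bytes:
    """RSA (algorithm 1): MPI n followed by MPI e. Modulus is constructed filler."""
    n = b"\xff" * (n_bits // 8)
    return public_key_packet(1, mpi(n) + mpi(e.to_bytes(3, "big")))

def ecdsa_p256_public_key() -> bytes:
    """ECDSA (algorithm 19, RFC 6637): OID length, curve OID, then MPI of 0x04 || x || y."""
    oid = bytes.fromhex("2A8648CE3D030107")   # OID for NIST P-256
    point = b"\x04" + b"\xff" * 64             # constructed uncompressed point, size only
    return public_key_packet(19, bytes([len(oid)]) + oid + mpi(point))

def packet_sizes() -> dict:
    """Serialized public-key packet sizes in octets for each constructed key."""
    return {
        "rsa-2048": len(rsa_public_key(2048)),
        "rsa-4096": len(rsa_public_key(4096)),
        "ecdsa-p256": len(ecdsa_p256_public_key()),
    }

if __name__ == "__main__":
    for name, size in packet_sizes().items():
        print(f"{name:11s} {size:4d} octets")
```

The public-key packet is only the first packet of a transferable public key (user IDs, signatures and subkeys add to the total), so the figures are a lower bound on what a DNS record would carry.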