On Sat 08/May/2021 19:26:02 +0200 John Levine wrote:
It appears that John C Klensin <john-ietf(_at_)jck(_dot_)com> said:

FWIW, also note that ideas of putting user or mailbox names (not
just host names) into the DNS to support a variety of things have
been around since the early design of the DNS.

I'd forgotten about RFC 7929 which purports to put PGP keys
in the DNS. [...]

I want to stress that I don't think this is a terrible idea,
especially if it were used to retrieve keys for S/MIME or PGP
use rather than inventing yet another mechanism.

I think it's a terrible idea both because it puts the keys in the wrong
place and the reasons you gave, extensions are optional which means
not implemented.

I'm not clear why a domain's MX would be the wrong place. A similar idea is to
store the keys at a domain's well-known place, so as to get them via https.
The draft also includes a mail-based protocol to update the web key directory.

https://datatracker.ietf.org/doc/html/draft-koch-openpgp-webkey-service

Best
Ale
--
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp