The draft strives to make PGP scale, with an inevitable trade-off
in identity assurance. ...
I've been trying to figure out what this draft provides that the
existing widely implemented PGP keyservers don't. So far, it seems to
be that in some cases it's easier to delete dead keys, although that
makes some significant assumptions about how the provisioning systems
We seem to agree that the security isn't very different: if the
domain's management can run the DNS securely and truthfully represents
its users' interests, DANE might be better, otherwise not. Since the
most plausible usage scenario is opportunistic encryption to
recipients, it doesn't really matter where the keys come from.
For reasons discussed earlier, I don't think that publishing millions
of keys in the DNS is likely to scale well, certainly no better and
probably much worse than on the web where there are already plenty of
What am I missing?