
Re: dane-openpgp 2nd LC resolution

2016-03-14 15:19:18
On 03/14/2016 08:18 AM, John C Klensin wrote:
However, consider a different case.  Assume I have a message,
whose content I consider sensitive, that I need to transmit to a
party I know but with whom I have not corresponded by email
before (and, therefore, Doug's "replying to message" case does
not apply).   Now I don't need to send that by email.  I may
have the post, fax, assorted courier services, reading it on the
phone (PSTN or VoIP), transmitting it by IM or text message, and
other methods available to me.

In this scenario the PGP community has long (and I mean, for 20 years or so) advised to ring the person and confirm their key fingerprint (and by extension preferred e-mail address) over the phone. I don't see any reason why the existence of a DNS mechanism would change that advice.

[1] As an aside, if I've got a trusted way to obtain that
fingerprint without using the DNS, I most likely have another
way to obtain the key so I don't need this I-D and protocol.
When that argument is reversed, some of the advantages of Doug's
suggestion (somewhat similar to that of others, earlier) to put
fingerprint (and maybe other) information in the DNS rather than
the key itself become obvious.  But, if we are really committed
to letting a thousand experiments bloom, that is not relevant.

Thanks!

Doug
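As an added illustration that is not part of this thread or of the dane-openpgp draft: the check behind the long-standing advice above (fetch the key from an untrusted channel such as the DNS, then confirm its fingerprint with the owner over the phone) and behind the alternative of publishing the fingerprint rather than the key is the same comparison, namely computing the OpenPGP v4 fingerprint of the key you actually received and matching it against the value obtained out of band. The code below follows the v4 fingerprint construction from RFC 4880 (SHA-1 over 0x99, a two-octet length, and the public-key packet body) using a constructed toy RSA key; the key material, the creation time and all function names are assumptions for the example, not values from the thread.

```python
# Added example: verify a key obtained from an untrusted channel (e.g. DNS)
# against a fingerprint confirmed out of band. Not code from the thread or
# the draft; the sample key below is constructed and far too small to be real.
import hashlib
import hmac
import re


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP multi-precision integer (RFC 4880 3.2):
    a two-octet bit count followed by the big-endian magnitude."""
    if value == 0:
        return b"\x00\x00"
    bits = value.bit_length()
    return bits.to_bytes(2, "big") + value.to_bytes((bits + 7) // 8, "big")


def rsa_public_key_packet_body(n: int, e: int, created: int) -> bytes:
    """Body of a version 4 public-key packet for an RSA key (RFC 4880 5.5.2):
    version octet, 4-octet creation time, algorithm id 1 (RSA), MPI n, MPI e."""
    return b"\x04" + created.to_bytes(4, "big") + b"\x01" + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """V4 fingerprint (RFC 4880 12.2): SHA-1 over 0x99, the two-octet body
    length, and the body itself. Returned as 40 upper-case hex digits."""
    if len(body) > 0xFFFF:
        raise ValueError("public-key packet body too long for a v4 fingerprint")
    data = b"\x99" + len(body).to_bytes(2, "big") + body
    return hashlib.sha1(data).hexdigest().upper()


def key_id(fingerprint_hex: str) -> str:
    """The 64-bit key ID is the low-order eight octets of the fingerprint;
    it is too short to stand in for the fingerprint in an out-of-band check."""
    return fingerprint_hex[-16:]


def normalize_fingerprint(text: str) -> str:
    """Strip the spacing and case variation people use when reading a
    fingerprint aloud or typing it from a note."""
    return re.sub(r"[^0-9A-Fa-f]", "", text).upper()


def key_matches_fingerprint(body: bytes, out_of_band: str) -> bool:
    """True only if the fetched key's full fingerprint equals the one
    obtained out of band. A partial or malformed value is refused rather
    than prefix-matched, and the comparison is constant time."""
    expected = normalize_fingerprint(out_of_band)
    if len(expected) != 40:
        return False
    return hmac.compare_digest(v4_fingerprint(body), expected)


def pretty(fingerprint_hex: str) -> str:
    """Group into blocks of four hex digits, the usual display form."""
    return " ".join(fingerprint_hex[i:i + 4] for i in range(0, len(fingerprint_hex), 4))


# Constructed sample key (assumption): a tiny modulus purely for demonstration.
SAMPLE_N = 0xC0FFEE1234567890ABCDEF
SAMPLE_E = 65537
SAMPLE_CREATED = 1457913600  # 2016-03-14 00:00 UTC, the date of the thread
SAMPLE_BODY = rsa_public_key_packet_body(SAMPLE_N, SAMPLE_E, SAMPLE_CREATED)

if __name__ == "__main__":
    fp = v4_fingerprint(SAMPLE_BODY)
    print("fingerprint of fetched key:", pretty(fp))
    print("key id:", key_id(fp))
    # The value "read over the phone" (constructed): same digits, loose format.
    spoken = pretty(fp).lower()
    print("matches out-of-band value:", key_matches_fingerprint(SAMPLE_BODY, spoken))
    # A substituted key with a different modulus must fail the same check.
    substituted = rsa_public_key_packet_body(SAMPLE_N + 2, SAMPLE_E, SAMPLE_CREATED)
    print("substituted key matches:", key_matches_fingerprint(substituted, spoken))
```

The same `key_matches_fingerprint` call serves both designs discussed in the thread: with the key published in the DNS, `out_of_band` is the value confirmed by phone; with only the fingerprint published in the DNS, `out_of_band` is the DNS value and `body` is the key obtained by some other route.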