>>>>> "PS" == Petr Spacek <[email protected]> writes:
PS> I was asking dane-list [1] if it makes sense to publish PGP key
PS> revocation certificate in OPENPGPKEY. I haven't heard any reply to
PS> this idea yet (maybe it is too dumb idea to warrant single reply).

I must have missed that last paragraph when I replied to the other part of that mail.

If one is to publish openpgp keys in dns, then also publishing related revocation certs seems reasonable.

If the querier already has a path through the WoT to the revoked key, a revocation signed by that key indeed does not need a dnssec trust path, too.

But if the querier does not have a WoT path, they would benefit from the dnssec path.

So as you wrote a signed revocation is useful even w/o dnssec, but dnssec does benefit some.

-JimC
-- 
James Cloos <[email protected]> OpenPGP: 0x997A9F17ED7DAEA6
