Petr Spacek <[email protected]> writes:
> Hello,
>
> On 23.7.2014 23:34, Frederico A C Neves wrote:
>> Dear Colleagues,
>>
>> Bellow is a completed template requesting a new RRTYPE assignment
>> under the procedures of RFC6895.
>>
>> This message starts a 2 weeks period for an expert review of the DNS
>> RRTYPE parameter allocation for OPENPGPKEY specified at:
>>
>> http://tools.ietf.org/html/draft-ietf-dane-openpgpkey-00#section-2
>
> I was asking dane-list [1] if it makes sense to publish PGP key
> revocation certificate in OPENPGPKEY. I haven't heard any reply to
> this idea yet (maybe it is too dumb idea to warrant single reply).
>
> There is one important detail to note:
> - OPENPGPKEY as proposed requires DNSSEC protection (it is public key).
Note that this public key could still (theoretically) be signed. Unless
DANE is specifying it differently there should be no limitation that it
be *just* the public key.
> - Key revocation certificate doesn't require DNSSEC because the
> certificate itself is signed.
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
[email protected] PGP key available
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
