On Mon, 1 Jun 2015, Stephan Bosch wrote:
From what I can tell, this document only describes how to publish and
retrieve a key in DNS/DNSSEC, i.e. in what format. I don't see any mention of
a procedure by which a key would get published. Since the domain would be
controlled by the mail provider, the user cannot do this directly. So, how
does a user go about getting his public key published in the DNS? What kind
of interaction do you envision between the service provider and the mail
user? Some kind of provider-specific web interface? Would it be useful to
devise some standardized (sub-)protocol for this, so that a MUA can easily
arrange this for the user (e.g. just after it generated the key pair)?
While that would be nice, the problem is how you authenticate that to
your ISP or mail hoster, DNS hoster or DNS webgui interface. I doubt
that you could find enough common ground for an authentication method
between those parties.
There are tools (like hash-slinger's openpgpkey command) that can
generate the DNS records. Those have to somehow get inserted into the
zone. Whatever the method is to get an A record in, is the method to
get an OPENPGPKEY record in.
It would be awesome if Facebook (who announced PGP support today) or
Google or Yahoo would allow some method of receiving your public key[*]
but I would think those parties would convert your message into the
appropriate DNS record format.
Paul
[*] For instance a message "please publish my key" signed with that key
uploaded through their HTTPS / authenticated website.
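As an added illustration (not from this thread, and not hash-slinger's code), here is the record-generation step Paul refers to, written against the OPENPGPKEY format as it was later published in RFC 7929: the local-part is SHA2-256 hashed as-is, truncated to 28 octets, and placed under `_openpgpkey.<domain>`, with the binary OpenPGP key as base64 RDATA. The key bytes are a constructed placeholder, not a real transferable public key.

```python
import base64
import hashlib

# Constructed stand-in for a binary OpenPGP transferable public key
# (the bytes `gpg --export` would produce). Not a real key.
SAMPLE_KEY = bytes.fromhex("99010d04557b3c5d010400c0ffee") + b"\x00" * 16


def openpgpkey_owner(address: str) -> str:
    """Owner name for an OPENPGPKEY record (RFC 7929, section 3).

    The local-part is hashed with SHA2-256 exactly as written (no case
    folding, no dot or plus-tag stripping), the digest is truncated to its
    left-most 28 octets, and the 56 hex digits become the label under
    _openpgpkey in the mail domain. The domain part is case-insensitive
    in DNS, so it is lowercased for a canonical form.
    """
    local, _, domain = address.rpartition("@")
    if not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    digest = hashlib.sha256(local.encode("utf-8")).digest()[:28]
    return f"{digest.hex()}._openpgpkey.{domain.lower()}."


def openpgpkey_rr(address: str, key: bytes, ttl: int = 3600) -> str:
    """Presentation-format record: RDATA is the raw key, base64 encoded."""
    rdata = base64.b64encode(key).decode("ascii")
    return f"{openpgpkey_owner(address)} {ttl} IN OPENPGPKEY {rdata}"


def openpgpkey_rr_generic(address: str, key: bytes, ttl: int = 3600) -> str:
    """RFC 3597 generic encoding (TYPE61) for zone tooling that does not
    yet know the OPENPGPKEY mnemonic; the same RDATA as raw hex."""
    return f"{openpgpkey_owner(address)} {ttl} IN TYPE61 \\# {len(key)} {key.hex()}"


def openpgpkey_from_rr(rr: str) -> bytes:
    """MUA side: recover the key blob from a presentation-format record.
    Base64 may be split by whitespace in zone files, so the tail is joined."""
    fields = rr.split()
    if len(fields) < 5 or fields[3] != "OPENPGPKEY":
        raise ValueError("not an OPENPGPKEY record")
    return base64.b64decode("".join(fields[4:]))


if __name__ == "__main__":
    print(openpgpkey_rr("hugh@example.com", SAMPLE_KEY))
    print(openpgpkey_rr_generic("hugh@example.com", SAMPLE_KEY))
```

Whatever the hoster uses to load an A record (zone file, provisioning API, web form) is where the emitted line has to go, and the zone must then be re-signed for the DNSSEC validation the format relies on.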
_______________________________________________
dane mailing list
https://www.ietf.org/mailman/listinfo/dane