>OPENPGP is a data format, WoT is one way to employ that format to
>exchange messages. It is not a *required* way to use OPENPGP.

Sure, but it's the way that everyone has used PGP for 20 years,
and it's the security model that everyone I know expects when they
use PGP keys.

This draft uses a model in which the key is bound to a mailbox, not
any stronger identity, and you have to trust that the domain's
management fairly represents its users rather than e.g., publishing
MITM keys that it controls.  That's not a ridiculous model, but if
that's the model, the draft and draft-ietf-dane-openpgpkey-usage need
to say so.  At this point, neither does.

R's,
John

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
