OpenPGP data in the CERT RR
David Shaw
dshaw at jabberwocky.com
Tue Aug 6 00:07:03 CEST 2002
On Mon, Aug 05, 2002 at 05:46:40PM +0200, Simon Josefsson wrote:
> 2.1 OpenPGP Key ID Based RR Owner Name
>
> The Key ID owner name format is usually used in a situation where a
> party is serving keys on behalf of someone else. This is usually a
> big server containing lots of keys, used by many clients. The owner
> name should be the 4 byte OpenPGP Key ID prepended with "0x" (sans
> quotes) appended to the system's zone. An example:
>
> 0x789ABCDE.dnskeys.example.org. IN CERT PGP 0 0 <OpenPGP binary>
Are you sure this is a good idea? 4 byte key IDs can collide fairly
easily, especially with v3 keys. I think that this should be the key
fingerprint, and then you can CNAME as many other names to this one
canonical name as you like:
0x7D92FD313AB6F3734CC59CA1DB698D7199242560.dnskeys.example.org. IN CERT PGP 0 0 <OpenPGP binary>
email address:
dshaw.jabberwocky.com. IN CNAME 0x7D92FD313AB6F3734CC59CA1DB698D7199242560.dnskeys.example.org.
4 byte keyid:
0x99242560.whatever.com. IN CNAME 0x7D92FD313AB6F3734CC59CA1DB698D7199242560.dnskeys.example.org.
8 byte keyid:
0x1DB698D7199242560.whatever.com. IN CNAME 0x7D92FD313AB6F3734CC59CA1DB698D7199242560.dnskeys.example.org.
etc.
This should work for either self-published or keyserver sort of
access.
David
--
David Shaw | dshaw at jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
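As an added illustration of the naming scheme proposed above (this is example code, not something from the thread or from GnuPG): a small Python script that derives the canonical fingerprint owner name, the key-ID and e-mail CNAME aliases, and flags 4-byte key ID collisions. It assumes v4 keys, whose 8-byte key ID is the low-order 64 bits of the fingerprint (v3 key IDs are not derived from the fingerprint, so they are rejected); the fingerprint and zone names are the ones in the message, and the colliding fingerprint in the collision check is constructed.

```python
from __future__ import annotations
import re
from collections import defaultdict

KEY_ZONE = "dnskeys.example.org."  # zone serving the CERT records (from the message)
FINGERPRINT = "7D92FD313AB6F3734CC59CA1DB698D7199242560"  # fingerprint quoted in the message

def _clean(fingerprint: str) -> str:
    """Strip spacing and upper-case. Only 160-bit v4 fingerprints are accepted,
    because a v3 key ID cannot be derived from the fingerprint."""
    fpr = re.sub(r"\s+", "", fingerprint).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", fpr):
        raise ValueError("expected a 40-hex-digit v4 fingerprint")
    return fpr

def key_ids(fingerprint: str) -> tuple[str, str]:
    """(8-byte key ID, 4-byte key ID): the low-order 64 and 32 bits of a v4 fingerprint."""
    fpr = _clean(fingerprint)
    return fpr[-16:], fpr[-8:]

def canonical_owner(fingerprint: str, zone: str = KEY_ZONE) -> str:
    """Canonical owner name: "0x" + the full fingerprint under the key zone."""
    return f"0x{_clean(fingerprint)}.{zone}"

def cert_record(fingerprint: str, rdata: str = "<OpenPGP binary>") -> str:
    """The single CERT record, published only under the fingerprint name."""
    return f"{canonical_owner(fingerprint)} IN CERT PGP 0 0 {rdata}"

def cname_records(fingerprint: str, alias_zone: str, email: str | None = None) -> list[str]:
    """CNAMEs for the 4-byte ID, the 8-byte ID and (optionally) the e-mail-derived name."""
    target = canonical_owner(fingerprint)
    long_id, short_id = key_ids(fingerprint)
    names = [f"0x{short_id}.{alias_zone}", f"0x{long_id}.{alias_zone}"]
    if email:
        local, domain = email.split("@", 1)  # dshaw@jabberwocky.com -> dshaw.jabberwocky.com.
        names.append(f"{local}.{domain}.")
    return [f"{name} IN CNAME {target}" for name in names]

def short_id_collisions(fingerprints: list[str]) -> dict[str, list[str]]:
    """Map each 4-byte key ID claimed by more than one key to the colliding fingerprints;
    a non-empty result is exactly why the short ID is unsafe as the canonical owner name."""
    seen: dict[str, list[str]] = defaultdict(list)
    for fpr in fingerprints:
        seen[key_ids(fpr)[1]].append(_clean(fpr))
    return {kid: fprs for kid, fprs in seen.items() if len(fprs) > 1}
```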