OpenPGP data in the CERT RR
Simon Josefsson
jas at extundo.com
Tue Aug 6 03:24:01 CEST 2002
Simon Josefsson <jas at extundo.com> writes:
>> I think that this should be the key fingerprint, and then you can
>> CNAME as many other names to this one canonical name as you like:
>>
>> 0x7D92FD313AB6F3734CC59CA1DB698D7199242560.dnskeys.example.org. IN CERT PGP 0 0 <OpenPGP binary>
>>
>> email address:
>>
>> dshaw.jabberwocky.com. IN CNAME 0x7D92FD313AB6F3734CC59CA1DB698D7199242560.dnskeys.example.org.
>>
>> 4 byte keyid:
>> 0x99242560.whatever.com. IN CNAME 0x7D92FD313AB6F3734CC59CA1DB698D7199242560.dnskeys.example.org.
>>
>> 8 byte keyid:
>> 0x1DB698D7199242560.whatever.com. IN CNAME 0x7D92FD313AB6F3734CC59CA1DB698D7199242560.dnskeys.example.org.
>>
>> etc.
>>
>> This should work for either self-published or keyserver sort of
>> access.
>
> Yup. Are there cases (worth writing specifications for) where you
> only have a 4 or 8 byte key id? I would prefer to not add even more
> flexibility in the owner name guidelines if possible, as flexibility
> might mean wasted round trips querying for stuff that isn't there.
> Thanks for your comments.
Trying to be bit more clear: Changing the document to use the full
fingerprint all of the time is what I (now) think is the best idea.
Supporting 4 and 8 byte keyId's too seems like unnecessary work unless
it is really needed.
More information about the Gnupg-devel
mailing list