The IESG has received a request from the DNS-based Authentication of
Named Entities WG (dane) to consider the following document:
- 'Using DANE to Associate OpenPGP public keys with email addresses'
<draft-ietf-dane-openpgpkey-07.txt> as Experimental RFC
The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2016-02-22. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.
Abstract
OpenPGP is a message format for email (and file) encryption that
lacks a standardized lookup mechanism to securely obtain OpenPGP
public keys. DNS-Based Authentication of Named Entities ("DANE") is
a method for publishing public keys in DNS. This document specifies
a DANE method for publishing and locating OpenPGP public keys in DNS
for a specific email address using a new OPENPGPKEY DNS Resource
Record. Security is provided via Secure DNS, however the OPENPGPKEY
record is not a replacement for verification of authenticity via the
"Web of Trust" or manual verification. The OPENPGPKEY record can be
used to encrypt an email that would otherwise have to be send
unencrypted.
The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-dane-openpgpkey/
IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-dane-openpgpkey/ballot/
No IPR declarations have been submitted directly on this I-D.
This is a second IETF last call - the diff from version -05 which
was the subject of the previous IETF last call is at [1].
[1] https://www.ietf.org/rfcdiff?url1=draft-ietf-dane-openpgpkey-05&url2=draft-ietf-dane-openpgpkey-07
