> On Sep 17, 2015, at 5:26 AM, John C Klensin <john-ietf@xxxxxxx> wrote: > > The document seems to say that I should not trust a key found by > this method just because of where I find it. That is entirely > consistent with other PGP documents and existing keyservers. I > should, instead, rely on web of trust relationships, e.g., > signatures on the particular key. OPENPGP is a data format, WoT is one way to employ that format to exchange messages. It is not a *required* way to use OPENPGP. In particular, if a user elects to configure an MUA to use DNSSEC as a trusted introducer, so as to be able to increase privacy of messaging beyond his immediate social circle, that's a fine choice. Think of it as "opportunistic PGP". It's what you do when you'd have otherwise sent the email in the clear anyway. -- Viktor.