On Tue, 22 Sep 2015, John C Klensin wrote:
However, if you believe that, because of trust issues, people get keys only from personal contacts rather than indirectly from public databases, why are we discussing yet another public database-based approach? Or are you convinced that the problem with the other public databases is that the DNS is inherently better for some reason such as the inability of third parties not associated with the domain in the address to add keys?
Yes. The other common use problem is not being able to delete keys, so you end up using a keyserver, get a (verified by WoT) key and then in response you get a plaintext message saying "I forgot my passphrase so i cannot delete/revoke my old key". With DNS, you can remove the key from DNS without needing the private key or passphrase to it.

Paul