Re: [dane] PGP security models, was Summary of IETF LC for draft-ietf-dane-openpgpkey


 



>The draft strives to make PGP scale, with an inevitable trade-off
>in identity assurance. ...

I've been trying to figure out what this draft provides that the
existing widely implemented PGP keyservers don't.  So far, it seems to
be that in some cases it's easier to delete dead keys, although that
makes some significant assumptions about how the provisioning systems
work.

We seem to agree that the security isn't very different: if the
domain's management can run the DNS securely and truthfully represents
its users' interests, DANE might be better, otherwise not.  Since the
most plausible usage scenario is opportunistic encryption to
recipients, it doesn't really matter where the keys come from.

For reasons discussed earlier, I don't think that publishing millions
of keys in the DNS is likely to scale well, certainly no better and
probably much worse than on the web where there are already plenty of
giant databases.

What am I missing?

R's,
John



