OpenPGP data in the CERT RR
I have tried to summarize the needs OpenPGP data in DNS have; the abstract
and URL to the draft are below. Similar discussion also applies to S/MIME,
but I'm publishing the OpenPGP document now as it is developed as free
software and has more to gain from public debate.

It would be nice if this WG could decide which approach for
application keying material in DNS they would rather see; otherwise
every application is likely to design this separately. The draft
below is one attempt to solve this separately; there is a draft for
IPSEC with another solution, and drafts for other applications seem to
be in preparation. Perhaps they can be reviewed and lead to a WG
recommendation. I've tried to raise this discussion a few times, but I
see little consensus or (in the words of Mr. Vixie) leadership in
solving this problem in a way that DNSEXT would prefer. How do you
want it to be solved?

http://www.ietf.org/internet-drafts/draft-josefsson-cert-openpgp-00.txt

Abstract

This draft describes the decisions made in one pair of applications
[4][5] that respectively serve and retrieve OpenPGP [3] Certificates
and Revocation Signatures using the CERT Resource Record [2]. The
intent is to provide a discussion on the kind of general updates
needed to the CERT specification, and some suggested specific updates
for the OpenPGP sub-type. It is offered in the hope that this
specification, together with similar efforts for other applications,
can be reviewed when designing a generic solution or guidelines for
storing application keying material in the Domain Name System (DNS),
should it ever happen.
--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>