-
-
Notifications
You must be signed in to change notification settings - Fork 75
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ability to reference existing type 61 OPENPGPKEY DNS resource records #28
Comments
Perhaps we can expand this to reference all kinds of PKI DNS records? I am thinking of the ones defined by DANE: |
Wondering if we can use the URI scheme for DNS, as per RFC 4501: |
FWIW I'm supportive of this given that we use RFC 4501 like @nightwatchcyber suggested. |
@m-ueberall - would this work?
|
This is done for the Encryption field - it allows DNS records to be referenced |
The
Encryption:
directive should allow to reference existing type 61 (OPENPGPKEY
) DNS resource records as well (in conjunction with proper DNSSEC signatures, this should be considered more secure).Independently of the above (e.g., in cases where both a type 61 resource record as well as a link to a file containing a public key exist and both are associated with the same email address), it would be helpful if the standard explicitly suggested what to do in cases where there are inconsistencies.
The text was updated successfully, but these errors were encountered: