Ability to reference existing type 61 OPENPGPKEY DNS resource records

[m-ueberall]

The Encryption: directive should allow to reference existing type 61 (OPENPGPKEY) DNS resource records as well (in conjunction with proper DNSSEC signatures, this should be considered more secure).
Independently of the above (e.g., in cases where both a type 61 resource record as well as a link to a file containing a public key exist and both are associated with the same email address), it would be helpful if the standard explicitly suggested what to do in cases where there are inconsistencies.

[nightwatchcyber]

Perhaps we can expand this to reference all kinds of PKI DNS records? I am thinking of the ones defined by DANE:
https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities

[nightwatchcyber]

Wondering if we can use the URI scheme for DNS, as per RFC 4501:
https://tools.ietf.org/html/rfc4501

[austinheap]

FWIW I'm supportive of this given that we use RFC 4501 like @nightwatchcyber suggested.

[nightwatchcyber]

@m-ueberall - would this work?

Encryption: dns:5d2d3ceb7abe552344276d47d36._openpgpkey.example.org?type=OPENPGPKEY

[nightwatchcyber]

This is done for the Encryption field - it allows DNS records to be referenced