[DNSOP] DNS-designated Public Key Authorities (DKA)

S Kishore <k.s.swaminathan@live.com> Fri, 29 May 2026 18:42 UTC

From: S Kishore <k.s.swaminathan@live.com>
To: Art Area <art@ietf.org>, "dnsop@ietf.org" <dnsop@ietf.org>
Date: Fri, 29 May 2026 18:42:15 +0000
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/dB2qIBEP7E9eCv3K-qNMTppDsSQ>

All:

Greetings.

Based on feedback, a new version of "Domain Key Authorities (DKA): DNS-Designated Public Key Distribution for Email-Address Identifiers" has been submitted.

https://datatracker.ietf.org/doc/draft-swaminathan-dka-framework/


Abstract: Email-addresses are widely used beyond email itself, and
the Domain Key Authority (DKA) framework provides a DNS-anchored
mechanism for discovering public keys associated with those identifiers. A
domain uses DNS to designate an authoritative key service for email-address
identifiers under that domain. Instead of storing per-user public keys in DNS,
the domain publishes a lightweight DNS record (HTTPS and/or TXT) identifying the
hostname of its Domain Key Authority (DKA), and clients retrieve
selector-scoped public keys from the DKA over HTTPS. This design
uses DNS for what it does well -- global discovery and delegation -- while
moving per-identifier key storage and retrieval to infrastructure that
scales independently of DNS. The result is a DNS-anchored, application-
agnostic framework for discovering public keys associated with
email-address identifiers. The current draft adds an HTTPS DNS record and
retains TXT records for backward compatibility, and provides a deterministic
DKA discovery and key lookup procedure.

The concept is not theoretical: an open-source implementation and a demo site exist at https://keyzero.org.

All comments appreciated.

Kishore Swaminathan