Re: [openpgp] Fwd: New Version Notification for draft-wouters-dane-openpgp-00.txt (fwd)

Werner Koch <> Tue, 16 July 2013 06:14 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4134021E81B1 for <>; Mon, 15 Jul 2013 23:14:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 2h9-G4+bWy3j for <>; Mon, 15 Jul 2013 23:14:41 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 14EF521E81A8 for <>; Mon, 15 Jul 2013 23:14:40 -0700 (PDT)
Received: from uucp by with local-rmail (Exim 4.80 #2 (Debian)) id 1UyyX0-0006R0-Cq for <>; Tue, 16 Jul 2013 08:14:38 +0200
Received: from wk by with local (Exim 4.80 #3 (Debian)) id 1UyyPI-0008OX-O6; Tue, 16 Jul 2013 08:06:40 +0200
From: Werner Koch <>
To: Paul Wouters <>
References: <>
Organisation: g10 Code GmbH
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: id=1E42B367;
Date: Tue, 16 Jul 2013 08:06:40 +0200
In-Reply-To: <> (Paul Wouters's message of "Mon, 15 Jul 2013 18:32:46 -0400 (EDT)")
Message-ID: <>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Subject: Re: [openpgp] Fwd: New Version Notification for draft-wouters-dane-openpgp-00.txt (fwd)
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 16 Jul 2013 06:14:46 -0000

On Tue, 16 Jul 2013 00:32, said:

> I've submitted a draft to associate an PGP public key with an email address using DANE.

Some quick notes:

Basically this is the same as the existing CERT RRs which are support by
GnuPG for many years.  The twist here is the Base32 encoding, which is
avoids a few problems.  I might haved missed that but they are not
mentioned in the I-D.

What I miss in this I-D are indirections and the use of URLs to download
a complete key.  Putting a 100k keyring into the DNS does not seem to be
optimal.  Granted, this is the exception but provisions for this should
be defined.

I consider wildcard mail address a bad idea.  If you do not want
end-to-end encryption, STARTTLS is much easier measure (we are not
relaying anymore, right?)

> 4.6.  Subject: line encryption

There is a well defined way to do this.  The special case for the
Subject is not needed.  Wrap the mail into an message/rfc822 containers
which has innocent headers.  In any case I doubt that this is in the
scope of the I-D.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.