Re: [openpgp] Fwd: New Version Notification for draft-wouters-dane-openpgp-00.txt (fwd)

Andrey Jivsov <> Thu, 18 July 2013 18:37 UTC

On 07/15/2013 07:01 PM, Paul Wouters wrote:
> On Mon, 15 Jul 2013, Andrey Jivsov wrote:
>> A few quick comments follow.
> Thanks for the comments.
>> This ignores prior work in this area. is
>> known to solve exactly the problems you described for many years now.
> Ahh, yet another different webgui? I see the howto also states "You can
> only remove your own key and the email address must match exactly". I
> had one of my email addresses yanked two years ago with zero notice. I
> would not have been able to remove my key. But even so, many (most?)
> people still seem to use other more well known, non-commercial,
> keyservers, such as and Even if I use very
> secure key servers, if people look for my key on crappy old key servers,
> the risk remains.

Yes, it's a valid use case. The server will periodically send renewal requests to e-mails on the key, and if the owner doesn't reply the key will be deleted.

>> 2. Given that the size of the record is very important when stored in
>> DNS records, it's odd to see that ECC OpenPGP keys are not even
>> mentioned.
> I specifically did not want to limit the record to any particular type.
> I just wanted it to support RFC OpenPGP compliant keys. Some people
> don't want to use ECC (for legal or other reasons). Others don't
> want to use ElGamal, DSA, RSA, etc. There is no reason for this draft
> to distinguish and force people to pick a specific key type.

I agree that support for all keys is one way to do this, but this intention is unclear from draft-wouters-dane-openpgp-00.txt: if one mentions RFC 4880 but not RFC 6637, it can be interpreted as the exclusion of ECC keys.
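To put a number on the record-size point raised in item 2, the following added example (not code from this thread, from the draft, or from any OpenPGP implementation) builds OpenPGP v4 public-key packets for a 2048-bit RSA key (RFC 4880) and a NIST P-256 ECDSA key (RFC 6637) and compares their encoded sizes with the classic 512-byte DNS UDP payload limit. The modulus and the curve point are constructed placeholders chosen only for their length, not real key material, and only the primary public-key packet is counted; a full transferable key as it would be published also carries user IDs, self-signatures and subkeys, so the real record is larger in both cases.

```python
# Added example: encoded size of OpenPGP v4 public-key packets, RSA vs ECC.
# Not from the mailing-list thread or draft-wouters-dane-openpgp-00.
import struct

RSA = 1       # RFC 4880 section 9.1 public-key algorithm id
ECDSA = 19    # RFC 6637 section 5 public-key algorithm id
P256_OID = bytes.fromhex("2A8648CE3D030107")  # RFC 6637 section 11, NIST P-256
CLASSIC_DNS_UDP_LIMIT = 512  # RFC 1035 UDP payload limit without EDNS0


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit length, then big-endian bytes."""
    bit_len = value.bit_length()
    return struct.pack(">H", bit_len) + value.to_bytes((bit_len + 7) // 8, "big")


def new_format_packet(tag: int, body: bytes) -> bytes:
    """Wrap a packet body in a new-format header (RFC 4880 section 4.2.2)."""
    n = len(body)
    if n < 192:
        length = bytes([n])
    elif n < 8384:
        n -= 192
        length = bytes([(n >> 8) + 192, n & 0xFF])
    else:
        length = b"\xff" + struct.pack(">I", n)
    return bytes([0xC0 | tag]) + length + body


def rsa_public_key_packet(n: int, e: int, created: int) -> bytes:
    """Tag 6 packet: version 4, creation time, algorithm, MPI n, MPI e."""
    body = b"\x04" + struct.pack(">I", created) + bytes([RSA]) + mpi(n) + mpi(e)
    return new_format_packet(6, body)


def ecdsa_p256_public_key_packet(point: bytes, created: int) -> bytes:
    """Tag 6 packet per RFC 6637 section 9: OID length, OID, point as an MPI."""
    body = (b"\x04" + struct.pack(">I", created) + bytes([ECDSA])
            + bytes([len(P256_OID)]) + P256_OID
            + mpi(int.from_bytes(point, "big")))
    return new_format_packet(6, body)


def key_packet_sizes() -> dict:
    """Sizes of the two packets built from constructed, length-only placeholders."""
    # Constructed placeholder modulus: exactly 2048 bits, not a real RSA modulus.
    fake_n = (1 << 2047) | 1
    # Constructed placeholder point: 0x04 || x || y, 65 bytes, not on the curve.
    fake_point = b"\x04" + bytes(range(1, 65))
    return {
        "rsa-2048": len(rsa_public_key_packet(fake_n, 65537, 0)),
        "ecdsa-p256": len(ecdsa_p256_public_key_packet(fake_point, 0)),
    }


def within_classic_udp(packet_size: int, overhead: int = 64) -> bool:
    """True if the packet plus a rough DNS message overhead fits a 512-byte reply."""
    return packet_size + overhead <= CLASSIC_DNS_UDP_LIMIT


if __name__ == "__main__":
    for name, size in key_packet_sizes().items():
        print(f"{name}: {size} bytes, fits classic UDP reply: {within_classic_udp(size)}")
```

The P-256 packet comes out at 84 bytes against 272 for RSA-2048 before any user ID or signature packets are added, which is the roughly three-fold difference behind the remark that ECC keys deserve a mention in a DNS-resident record format.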