< draft-ietf-dane-openpgpkey-00.txt   draft-ietf-dane-openpgpkey-01.txt >

(Unchanged text is shown once; lines that differ between the two versions are marked "<" for -00 and ">" for -01.)

Network Working Group                                     P. Wouters, Ed.
Internet-Draft                                                    Red Hat
< Intended status: Standards Track                        April 10, 2014
> Intended status: Standards Track                      October 27, 2014
< Expires: October 12, 2014
> Expires: April 30, 2015

    Using DANE to Associate OpenPGP public keys with email addresses
<                    draft-ietf-dane-openpgpkey-00
>                    draft-ietf-dane-openpgpkey-01

Abstract

   OpenPGP is a message format for email (and file) encryption, that
   lacks a standarized lookup mechanism to obtain OpenPGP public keys.
   This document specifies a standarized method for securely publishing
   and locating OpenPGP public keys in DNS using a new OPENPGPKEY DNS
   Resource Record.

Status of This Memo
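Review bot: the Abstract still misspells "standarized" (twice) in -01; the sentence was carried over from -00 unchanged, so this revision is the place to correct it to "standardized", and the comma in "encryption, that lacks" should be dropped so the relative clause reads "encryption that lacks a standardized lookup mechanism".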
skipping to change at page 1, line 34
   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

<  This Internet-Draft will expire on October 12, 2014.
>  This Internet-Draft will expire on April 30, 2015.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
skipping to change at page 3, line 37
   This document also makes use of standard DNSSEC and DANE terminology.
   See DNSSEC [RFC4033], [RFC4034], [RFC4035], and DANE [RFC6698] for
   these terms.

2.  The OPENPGPKEY Resource Record

   The OPENPGPKEY DNS resource record (RR) is used to associate an end
   entity OpenPGP public key with an email address, thus forming a
   "OpenPGP public key association".

<  The type value allocated for the OPENPGPKEY RR type is [TBD].  The
>  The type value allocated for the OPENPGPKEY RR type is 61.  The
   OPENPGPKEY RR is class independent.  The OPENPGPKEY RR has no special
   TTL requirements.

2.1.  The OPENPGPKEY RDATA component

   The RDATA (or RHS) of an OPENPGPKEY Resource Record contains a single
   value consisting of a [RFC4880] formatted OpenPGP public keyring.

2.2.  The OPENPGPKEY RDATA wire format
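Review bot: in Section 2, 'thus forming a "OpenPGP public key association"' needs the article "an" before a vowel sound; the sentence is unchanged from -00, so -01 can pick up the fix alongside the [TBD] to 61 edit in the same paragraph.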
skipping to change at page 6, line 22
   Therefor, an OpenPGP key obtained via an OPENPGPKEY record can only
   be trusted as much as the DNS domain can be trusted, and are no
   substitute for in-person key verification of the "Web of Trust".  See
   [OPENPGPKEY-USAGE] for more in-depth information on safe usage of
   OPENPGPKEY based OpenPGP keys.

6.  IANA Considerations

6.1.  OPENPGPKEY RRtype

<  This document uses a new DNS RR type, OPENPGPKEY, whose value [TBD]
<  has been allocated by IANA from the Resource Record (RR) TYPEs
>  This document uses a new DNS RR type, OPENPGPKEY, whose value 61 has
>  been allocated by IANA from the Resource Record (RR) TYPEs
   subregistry of the Domain Name System (DNS) Parameters registry.

7.  Acknowledgements

   This document is based on RFC-4255 and draft-ietf-dane-smime whose
   authors are Paul Hoffman, Jacob Schlyter and W. Griffin.  Olafur
   Gudmundsson provided feedback and suggested various improvements.
   Willem Toorop contributed the gpg and hexdump command options.

8.  References
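Review bot: the Security Considerations paragraph at the top of this region, carried over unchanged from -00, has two grammar slips that -01 should fix: "Therefor" should be "Therefore", and "and are no substitute" does not agree with the singular subject "an OpenPGP key"; suggest "and is no substitute for in-person key verification".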
skipping to change at page 7, line 19
              Thayer, "OpenPGP Message Format", RFC 4880, November 2007.

   [RFC5754]  Turner, S., "Using SHA2 Algorithms with Cryptographic
              Message Syntax", RFC 5754, January 2010.

8.2.  Informative References

   [OPENPGPKEY-USAGE]
              Wouters, P., "Usage considerations with the DNS OPENPGPKEY
              record", draft-dane-openpgpkey-usage (work in progress),
<             January 2014.
>             October 2014.

   [RFC2181]  Elz, R. and R. Bush, "Clarifications to the DNS
              Specification", RFC 2181, July 1997.

   [RFC2822]  Resnick, P., "Internet Message Format", RFC 2822, April
              2001.

   [RFC3597]  Gustafsson, A., "Handling of Unknown DNS Resource Record
              (RR) Types", RFC 3597, September 2003.
End of changes.  6 change blocks.
8 lines changed or deleted (-00)        8 lines changed or added (-01)

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/