| < draft-ietf-dane-openpgpkey-00.txt | draft-ietf-dane-openpgpkey-01.txt > | |||
|---|---|---|---|---|
| Network Working Group P. Wouters, Ed. | Network Working Group P. Wouters, Ed. | |||
| Internet-Draft Red Hat | Internet-Draft Red Hat | |||
| Intended status: Standards Track April 10, 2014 | Intended status: Standards Track October 27, 2014 | |||
| Expires: October 12, 2014 | Expires: April 30, 2015 | |||
| Using DANE to Associate OpenPGP public keys with email addresses | Using DANE to Associate OpenPGP public keys with email addresses | |||
| draft-ietf-dane-openpgpkey-00 | draft-ietf-dane-openpgpkey-01 | |||
| Abstract | Abstract | |||
| OpenPGP is a message format for email (and file) encryption, that | OpenPGP is a message format for email (and file) encryption, that | |||
| lacks a standarized lookup mechanism to obtain OpenPGP public keys. | lacks a standarized lookup mechanism to obtain OpenPGP public keys. | |||
| This document specifies a standarized method for securely publishing | This document specifies a standarized method for securely publishing | |||
| and locating OpenPGP public keys in DNS using a new OPENPGPKEY DNS | and locating OpenPGP public keys in DNS using a new OPENPGPKEY DNS | |||
| Resource Record. | Resource Record. | |||
| Status of This Memo | Status of This Memo | |||
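Review bot: the abstract carries the same spelling error in both revisions: "standarized" (twice) should be "standardized". The comma in "encryption, that lacks" should also go, since "that lacks a ... lookup mechanism" is a restrictive clause; or reword to "OpenPGP is a message format for email (and file) encryption. It lacks a standardized lookup mechanism ...".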
| skipping to change at page 1, line 34 ¶ | skipping to change at page 1, line 34 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on October 12, 2014. | This Internet-Draft will expire on April 30, 2015. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2014 IETF Trust and the persons identified as the | Copyright (c) 2014 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 3, line 37 ¶ | skipping to change at page 3, line 37 ¶ | |||
| This document also makes use of standard DNSSEC and DANE terminology. | This document also makes use of standard DNSSEC and DANE terminology. | |||
| See DNSSEC [RFC4033], [RFC4034], [RFC4035], and DANE [RFC6698] for | See DNSSEC [RFC4033], [RFC4034], [RFC4035], and DANE [RFC6698] for | |||
| these terms. | these terms. | |||
| 2. The OPENPGPKEY Resource Record | 2. The OPENPGPKEY Resource Record | |||
| The OPENPGPKEY DNS resource record (RR) is used to associate an end | The OPENPGPKEY DNS resource record (RR) is used to associate an end | |||
| entity OpenPGP public key with an email address, thus forming a | entity OpenPGP public key with an email address, thus forming a | |||
| "OpenPGP public key association". | "OpenPGP public key association". | |||
| The type value allocated for the OPENPGPKEY RR type is [TBD]. The | The type value allocated for the OPENPGPKEY RR type is 61. The | |||
| OPENPGPKEY RR is class independent. The OPENPGPKEY RR has no special | OPENPGPKEY RR is class independent. The OPENPGPKEY RR has no special | |||
| TTL requirements. | TTL requirements. | |||
| 2.1. The OPENPGPKEY RDATA component | 2.1. The OPENPGPKEY RDATA component | |||
| The RDATA (or RHS) of an OPENPGPKEY Resource Record contains a single | The RDATA (or RHS) of an OPENPGPKEY Resource Record contains a single | |||
| value consisting of a [RFC4880] formatted OpenPGP public keyring. | value consisting of a [RFC4880] formatted OpenPGP public keyring. | |||
| 2.2. The OPENPGPKEY RDATA wire format | 2.2. The OPENPGPKEY RDATA wire format | |||
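Review bot: the RDATA definition in 2.1 ("a single value consisting of a [RFC4880] formatted OpenPGP public keyring") is ambiguous as a wire-format specification. RFC 4880 uses "keyring" (Section 3.6) for a collection of one or more keys in a file, whereas the self-contained export of one public key with its User IDs, subkeys and signatures is the "Transferable Public Key" of RFC 4880 Section 11.1. State which one the record carries, and if more than one primary key may appear, say what a validator does with the extra ones. The type value change from [TBD] to 61 in Section 2 matches the IANA text further down, so that part is consistent.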
| skipping to change at page 6, line 22 ¶ | skipping to change at page 6, line 22 ¶ | |||
| Therefor, an OpenPGP key obtained via an OPENPGPKEY record can only | Therefor, an OpenPGP key obtained via an OPENPGPKEY record can only | |||
| be trusted as much as the DNS domain can be trusted, and are no | be trusted as much as the DNS domain can be trusted, and are no | |||
| substitute for in-person key verification of the "Web of Trust". See | substitute for in-person key verification of the "Web of Trust". See | |||
| [OPENPGPKEY-USAGE] for more in-depth information on safe usage of | [OPENPGPKEY-USAGE] for more in-depth information on safe usage of | |||
| OPENPGPKEY based OpenPGP keys. | OPENPGPKEY based OpenPGP keys. | |||
| 6. IANA Considerations | 6. IANA Considerations | |||
| 6.1. OPENPGPKEY RRtype | 6.1. OPENPGPKEY RRtype | |||
| This document uses a new DNS RR type, OPENPGPKEY, whose value [TBD] | This document uses a new DNS RR type, OPENPGPKEY, whose value 61 has | |||
| has been allocated by IANA from the Resource Record (RR) TYPEs | been allocated by IANA from the Resource Record (RR) TYPEs | |||
| subregistry of the Domain Name System (DNS) Parameters registry. | subregistry of the Domain Name System (DNS) Parameters registry. | |||
| 7. Acknowledgements | 7. Acknowledgements | |||
| This document is based on RFC-4255 and draft-ietf-dane-smime whose | This document is based on RFC-4255 and draft-ietf-dane-smime whose | |||
| authors are Paul Hoffman, Jacob Schlyter and W. Griffin. Olafur | authors are Paul Hoffman, Jacob Schlyter and W. Griffin. Olafur | |||
| Gudmundsson provided feedback and suggested various improvements. | Gudmundsson provided feedback and suggested various improvements. | |||
| Willem Toorop contributed the gpg and hexdump command options. | Willem Toorop contributed the gpg and hexdump command options. | |||
| 8. References | 8. References | |||
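Review bot: the security statement "can only be trusted as much as the DNS domain can be trusted" should say explicitly that this holds only for a DNSSEC-validated OPENPGPKEY RRset; an answer that did not validate says nothing about the domain at all. Two language fixes in the same paragraph: "Therefor" should be "Therefore", and the subject is singular, so "an OpenPGP key ... are no substitute" should read "is no substitute". Section 6.1 now reads "whose value 61 has been allocated by IANA", which agrees with Section 2.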
| skipping to change at page 7, line 19 ¶ | skipping to change at page 7, line 19 ¶ | |||
| Thayer, "OpenPGP Message Format", RFC 4880, November 2007. | Thayer, "OpenPGP Message Format", RFC 4880, November 2007. | |||
| [RFC5754] Turner, S., "Using SHA2 Algorithms with Cryptographic | [RFC5754] Turner, S., "Using SHA2 Algorithms with Cryptographic | |||
| Message Syntax", RFC 5754, January 2010. | Message Syntax", RFC 5754, January 2010. | |||
| 8.2. Informative References | 8.2. Informative References | |||
| [OPENPGPKEY-USAGE] | [OPENPGPKEY-USAGE] | |||
| Wouters, P., "Usage considerations with the DNS OPENPGPKEY | Wouters, P., "Usage considerations with the DNS OPENPGPKEY | |||
| record", draft-dane-openpgpkey-usage (work in progress), | record", draft-dane-openpgpkey-usage (work in progress), | |||
| January 2014. | October 2014. | |||
| [RFC2181] Elz, R. and R. Bush, "Clarifications to the DNS | [RFC2181] Elz, R. and R. Bush, "Clarifications to the DNS | |||
| Specification", RFC 2181, July 1997. | Specification", RFC 2181, July 1997. | |||
| [RFC2822] Resnick, P., "Internet Message Format", RFC 2822, April | [RFC2822] Resnick, P., "Internet Message Format", RFC 2822, April | |||
| 2001. | 2001. | |||
| [RFC3597] Gustafsson, A., "Handling of Unknown DNS Resource Record | [RFC3597] Gustafsson, A., "Handling of Unknown DNS Resource Record | |||
| (RR) Types", RFC 3597, September 2003. | (RR) Types", RFC 3597, September 2003. | |||
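Review bot: [RFC2822] was obsoleted by RFC 5322 (October 2008), so the informative reference for the Internet Message Format should point at RFC 5322. Also check that [RFC5754] ("Using SHA2 Algorithms with Cryptographic Message Syntax") is actually cited in the body; a CMS reference reads like a carry-over from draft-ietf-dane-smime, and an OpenPGP document would normally cite the SHA-2 algorithm identifiers from RFC 4880 itself or from the hash specification it relies on.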
| End of changes. 6 change blocks. | ||||
| 8 lines changed or deleted | 8 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||