>I would like to suggest that we need to begin considering the need for
>users to directly affect the records that refer to them. ...

In many cases it would indeed be useful to let people publish their
own keys.  But I would strongly caution against designing the
publication mechanism around what seems convenient at the moment with
the DNS software people are familiar with.  That approach has led to
some rather unfortunate designs, with SPF TXT records as the poster
child.

If you want to provide a way for people to publish public keys for
their e-mail addresses, add a key publishing extension to POP and
IMAP.  MUAs already need to know the private keys, so they know the
public keys, too.  They already know how to talk to POP and IMAP
servers, they already have the user credentials to sign into those
servers, and in my experience, whoever runs the POP and IMAP servers
already knows what e-mail addresses correspond to those credentials.

Then do NOT attempt to specify how the keys get from POP or IMAP into
the DNS provisioning system and into the DNS.  There's a zillion
provisioning systems, most of which are awful, but which have to be
upgraded anyway if they're going to handle OPENPGPKEY and SMIMEA and
other new record types.

R's,
John
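What a provisioning system has to accept once it handles OPENPGPKEY and SMIMEA is easy to see in code. The following is an added example, not code from John's post or from any project the list discusses: it derives the DNS owner name for an e-mail address as RFC 7929 (OPENPGPKEY) and RFC 8162 (SMIMEA) specify, namely the hex of the first 28 octets of SHA-256 over the local-part under the `_openpgpkey` or `_smimecert` label, and renders a zone-file line. The key bytes it feeds in are a constructed placeholder, not a real OpenPGP key or certificate, and the address `hugh@example.com` is the one the RFCs use in their own examples.

```python
"""Owner names and presentation-format lines for OPENPGPKEY (RFC 7929)
and SMIMEA (RFC 8162) records.

Added example, not code from the original post. The key material used
below is a constructed placeholder; a real record carries the binary
transferable OpenPGP public key (or a certificate / its hash).
"""
import base64
import hashlib

OPENPGPKEY_LABEL = "_openpgpkey"
SMIMEA_LABEL = "_smimecert"


def local_part_label(local_part: str) -> str:
    """Left-most label: hex of the first 28 octets of SHA-256 over the
    UTF-8 local-part, i.e. 56 hex characters. The local-part is hashed
    exactly as given here; how a publisher treats local-part case is a
    deployment decision, not something this example settles."""
    digest = hashlib.sha256(local_part.encode("utf-8")).digest()
    return digest[:28].hex()


def split_address(address: str) -> tuple[str, str]:
    """Split on the last '@' so a quoted local-part containing '@' survives.
    The domain is lowercased because DNS names are case-insensitive."""
    local_part, sep, domain = address.rpartition("@")
    if not sep or not local_part or not domain:
        raise ValueError(f"not an e-mail address: {address!r}")
    return local_part, domain.lower()


def owner_name(address: str, label: str = OPENPGPKEY_LABEL) -> str:
    """Fully qualified owner name, e.g. <hash>._openpgpkey.example.com."""
    local_part, domain = split_address(address)
    return f"{local_part_label(local_part)}.{label}.{domain}."


def openpgpkey_rr(address: str, key_bytes: bytes, ttl: int = 3600) -> str:
    """Presentation format: RDATA is the base64 of the binary key."""
    rdata = base64.b64encode(key_bytes).decode("ascii")
    return f"{owner_name(address)} {ttl} IN OPENPGPKEY {rdata}"


def smimea_rr(address: str, cert_der: bytes, usage: int = 3, selector: int = 0,
              matching: int = 1, ttl: int = 3600) -> str:
    """SMIMEA reuses TLSA RDATA: usage selector matching-type data.
    Matching type 1 publishes SHA-256 of the selected content; type 0
    publishes the content itself in hex. Defaults (3 0 1) are DANE-EE,
    full certificate, SHA-256."""
    if matching == 0:
        data = cert_der.hex()
    elif matching == 1:
        data = hashlib.sha256(cert_der).hexdigest()
    elif matching == 2:
        data = hashlib.sha512(cert_der).hexdigest()
    else:
        raise ValueError(f"unknown matching type {matching}")
    return (f"{owner_name(address, SMIMEA_LABEL)} {ttl} IN SMIMEA "
            f"{usage} {selector} {matching} {data}")


if __name__ == "__main__":
    # Constructed placeholder bytes standing in for a real public key.
    placeholder_key = b"\x99\x01\x00constructed-placeholder-openpgp-key"
    print(openpgpkey_rr("hugh@example.com", placeholder_key))
    print(smimea_rr("hugh@example.com", b"constructed-placeholder-der"))
```

The point the post makes is visible in what is missing from this block: nothing here says how the key gets from the MUA into the zone, and a provisioning system that can only edit A and MX records has no place to put the line this produces.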

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
