While I agree that this is probably out of scope for the DANE WG, it is a very important part of promoting DANE and seeing adoption increase outside the expert user circles.
One of the things we want to talk about next week is building tools that address what the group feels are necessary elements that might be missing or impeding adoption for DANE.

On 3/17/15, 1:08 PM, "John Levine" <[email protected]> wrote:

>>I would like to suggest that we need to begin considering the need for
>>users to directly affect the records that refer to them. ...
>
>In many cases it would indeed be useful to let people publish their
>own keys. But I would strongly caution against designing the
>publication mechanism around what seems convenient at the moment with
>the DNS software people are familiar with. That approach has led to
>some rather unfortunate designs, with SPF TXT records as the poster
>child.
>
>If you want to provide a way for people to publish public keys for
>their e-mail addresses, add a key publishing extension to POP and
>IMAP. MUAs already need to know the private keys, so they know the
>public keys, too. They already know how to talk to POP and IMAP
>servers, they already have the user credentials to sign into those
>servers, and in my experience, whoever runs the POP and IMAP servers
>already knows what e-mail addresses correspond to those credentials.
>
>Then do NOT attempt to specify how the keys get from POP or IMAP into
>the DNS provisioning system and into the DNS. There's a zillion
>provisioning systems, most of which are awful, but which have to be
>upgraded anyway if they're going to handle OPENPGPKEY and SMIMEA and
>other new record types.
>
>R's,
>John

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
