On Wed, 25 Mar 2015, Viktor Dukhovni wrote:
> The problem with canonicalizing addresses (akin to EXPN) is that
> most sites simply won't want to publish this data. Returning a
> key is very different from returning a "canonical address".
>
> Any alternative protocol should just return the SMIME or PGP key
> for the address, and avoid returning any intermediate "canonical"
> addresses used to locate those.

You realise the openpgp key will likely contain any correct IDs, right?
So if your protocol maps [email protected] to [email protected] and returns
the pgp key, they will know the "canonical" address. The more helpful
you are mapping to a key (like for "[email protected]" ?) the easier it
is to obtain email addresses.
Email addresses (like DNS data) are simply not a secret. Those who
value hidden email addresses without OPENPGPKEY support can surely
continue to operate as they do now.
Paul
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane