[replying to semi-random post in the thread] I think the real problem is the idea of using OPENPGPCERT as a discovery mechanism.
It doesn't need to be. It works much better as just an additional trust path. For openpgp, an hkps query followed by a dane lookup on each uid in the returned keyset will work much better. Or webfinger followed by dane. With TLSA offering a trust path for the https. -JimC -- James Cloos <[email protected]> OpenPGP: 0x997A9F17ED7DAEA6 -JimC -- James Cloos <[email protected]> OpenPGP: 0x997A9F17ED7DAEA6 _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
