All: Greetings.
Based on feedback, a new version of "Domain Key Authorities (DKA): DNS-Designated Public Key Distribution for Email-Address Identifiers" has been submitted.

https://datatracker.ietf.org/doc/draft-swaminathan-dka-framework/

Abstract:

Email-addresses are widely used beyond email itself, and the Domain Key Authority (DKA) framework provides a DNS-anchored mechanism for discovering public keys associated with those identifiers. A domain uses DNS to designate an authoritative key service for email-address identifiers under that domain. Instead of storing per-user public keys in DNS, the domain publishes a lightweight DNS record (HTTPS and/or TXT) identifying the hostname of its Domain Key Authority (DKA), and clients retrieve selector-scoped public keys from the DKA over HTTPS.

This design uses DNS for what it does well -- global discovery and delegation -- while moving per-identifier key storage and retrieval to infrastructure that scales independently of DNS. The result is a DNS-anchored, application-agnostic framework for discovering public keys associated with email-address identifiers.

The current draft adds HTTPS DNS record and retains TXT records for backward compatibility, and provides a deterministic DKA discovery and key lookup procedure.

The concept is not theoretical: an open-source implementation and a demo site exist at https://keyzero.org.

All comments appreciated.

Kishore Swaminathan
_______________________________________________
DNSOP mailing list -- [email protected]
