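DANE is well worth a look: it is built on top of DNSSEC, and it can give a domain a CA whitelist, which prevents CAs from issuing certificates indiscriminately.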

On 16-03-21 21:59, Wang Kang wrote:
> I just came across this RFC draft; the gist is that you publish your own public key via DNS.
>
> It looks quite interesting.
>
> --
> Wang Kang
> Blog: http://scateu.me
> Fingerprint: 011F 0492 97D6 5D75 8AC4 6458 D43F 3CE2 3353 B7BD
>
> ---------- Forwarded message ----------
> Date: Tue, 9 Feb 2016 00:53:30
> From: The IESG <[email protected]>
> Reply-To: [email protected]
> To: IETF-Announce <[email protected]>
> Cc: [email protected], [email protected], [email protected],
>     [email protected]
> Subject: Last Call: <draft-ietf-dane-openpgpkey-07.txt> (Using DANE to
>     Associate OpenPGP public keys with email addresses) to Experimental RFC
>
>
> The IESG has received a request from the DNS-based Authentication of
> Named Entities WG (dane) to consider the following document:
> - 'Using DANE to Associate OpenPGP public keys with email addresses'
>   <draft-ietf-dane-openpgpkey-07.txt> as Experimental RFC
>
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action. Please send substantive comments to the
> [email protected] mailing lists by 2016-02-22. Exceptionally, comments may be
> sent to [email protected] instead. In either case, please retain the
> beginning of the Subject line to allow automated sorting.
>
> Abstract
>
>
> OpenPGP is a message format for email (and file) encryption that
> lacks a standardized lookup mechanism to securely obtain OpenPGP
> public keys. DNS-Based Authentication of Named Entities ("DANE") is
> a method for publishing public keys in DNS. This document specifies
> a DANE method for publishing and locating OpenPGP public keys in DNS
> for a specific email address using a new OPENPGPKEY DNS Resource
> Record. Security is provided via Secure DNS, however the OPENPGPKEY
> record is not a replacement for verification of authenticity via the
> "Web of Trust" or manual verification. The OPENPGPKEY record can be
> used to encrypt an email that would otherwise have to be sent
> unencrypted.
>
>
> The file can be obtained via
> https://datatracker.ietf.org/doc/draft-ietf-dane-openpgpkey/
>
> IESG discussion can be tracked via
> https://datatracker.ietf.org/doc/draft-ietf-dane-openpgpkey/ballot/
>
>
> No IPR declarations have been submitted directly on this I-D.
>
> This is a second IETF last call - the diff from version -05 which
> was the subject of the previous IETF last call is at [1].
>
> [1]
> https://www.ietf.org/rfcdiff?url1=draft-ietf-dane-openpgpkey-05&url2=draft-ietf-dane-openpgpkey-07

--
Justin Wong
Blog: https://bigeagle.me/
Fingerprint: 15CC 6A61 738B 1599 0095 E256 CB67 DA7A 865B AC3A
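As an added illustration (not part of the thread or of the quoted draft text), the Python below derives the DNS name under which an OPENPGPKEY record for an email address is published and looked up, following the derivation in RFC 7929, the published form of this draft; the -07 revision discussed here may differ in detail. The function names, sample addresses and key bytes are constructed, and the address is assumed to have any RFC 5322 comments and folding whitespace already removed.

```python
import base64
import hashlib
import unicodedata


def canonical_local_part(local: str) -> str:
    """Remove enclosing double quotes and backslash quoting, then apply NFC."""
    if len(local) >= 2 and local[0] == '"' and local[-1] == '"':
        inner, out, i = local[1:-1], [], 0
        while i < len(inner):
            if inner[i] == "\\" and i + 1 < len(inner):
                i += 1  # quoted-pair: keep only the escaped character
            out.append(inner[i])
            i += 1
        local = "".join(out)
    # Case is NOT folded: "Hugh" and "hugh" map to different owner names.
    return unicodedata.normalize("NFC", local)


def openpgpkey_owner_name(address: str) -> str:
    """Return <hex(sha256(local-part)[:28])>._openpgpkey.<domain>."""
    # Split on the last "@" so a quoted local-part may itself contain "@".
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    digest = hashlib.sha256(canonical_local_part(local).encode("utf-8")).digest()
    label = digest[:28].hex()  # SHA2-256 truncated to 28 octets, 56 hex chars
    return f"{label}._openpgpkey.{domain.rstrip('.')}"


def zone_record(address: str, public_key: bytes) -> str:
    """Zone-file line: the RDATA is the OpenPGP public key, shown in base64."""
    rdata = base64.b64encode(public_key).decode("ascii")
    return f"{openpgpkey_owner_name(address)}. IN OPENPGPKEY {rdata}"


if __name__ == "__main__":
    # Constructed sample input; the two key bytes are a placeholder, not a key.
    for addr in ("hugh@example.com", "Hugh@example.com", '"hugh"@example.com'):
        print(addr, "->", openpgpkey_owner_name(addr))
    print(zone_record("hugh@example.com", b"\x99\x01"))
```

A resolver-side client should accept the answer only when DNSSEC validation succeeds, since the abstract states that the record's security comes from Secure DNS.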
