RFC 7929

DNS-Based Authentication of Named Entities (DANE) Bindings for OpenPGP, August 2016

File formats:
icon for text file icon for PDF icon for HTML icon for inline errata
Status:
EXPERIMENTAL
Author:
P. Wouters
Stream:
IETF
Source:
dane (sec)

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  https://doi.org/10.17487/RFC7929

Discuss this RFC: Send questions or comments to the mailing list dane@ietf.org

Other actions: View Errata  |  Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 7929


Abstract

OpenPGP is a message format for email (and file) encryption that lacks a standardized lookup mechanism to securely obtain OpenPGP public keys. DNS-Based Authentication of Named Entities (DANE) is a method for publishing public keys in DNS. This document specifies a DANE method for publishing and locating OpenPGP public keys in DNS for a specific email address using a new OPENPGPKEY DNS resource record. Security is provided via Secure DNS, however the OPENPGPKEY record is not a replacement for verification of authenticity via the "web of trust" or manual verification. The OPENPGPKEY record can be used to encrypt an email that would otherwise have to be sent unencrypted.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.




Advanced Search