{"draft":"draft-ietf-dane-openpgpkey-12","doc_id":"RFC7929","title":"DNS-Based Authentication of Named Entities (DANE) Bindings for OpenPGP","authors":["P. Wouters"],"format":["ASCII","HTML"],"page_count":"20","pub_status":"EXPERIMENTAL","status":"EXPERIMENTAL","source":"DNS-based Authentication of Named Entities","abstract":"OpenPGP is a message format for email (and file) encryption that\r\nlacks a standardized lookup mechanism to securely obtain OpenPGP\r\npublic keys.  DNS-Based Authentication of Named Entities (DANE) is a\r\nmethod for publishing public keys in DNS.  This document specifies a\r\nDANE method for publishing and locating OpenPGP public keys in DNS\r\nfor a specific email address using a new OPENPGPKEY DNS resource\r\nrecord.  Security is provided via Secure DNS, however the OPENPGPKEY\r\nrecord is not a replacement for verification of authenticity via the\r\n\"web of trust\" or manual verification.  The OPENPGPKEY record can be\r\nused to encrypt an email that would otherwise have to be sent\r\nunencrypted.","pub_date":"August 2016","keywords":["opportunistic security","encrypted email"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC7929","errata_url":"https:\/\/www.rfc-editor.org\/errata\/rfc7929"}