David Runge commented on pull request wiktor/ssh-openpgp-auth#77
Add OpenPGP CA documentationMaybe here we should instead use sq network wkd fetch "openpgp-ca@example.com"?
View ArticleDavid Runge commented on pull request wiktor/ssh-openpgp-auth#77
Add OpenPGP CA documentationThis makes me wonder whether we should either have a certificate export functionality in sshd-openpgp-auth or just use sq here.
View ArticleDavid Runge suggested changes for wiktor/openpgp-dns-spec#1
Define OpenPGP DNS recordsThis reads concise and well thought through already! 👏
View ArticleDavid Runge commented on pull request wiktor/openpgp-dns-spec#1
Define OpenPGP DNS recordsdo not contain a Web of Trust engine [..]
View ArticleDavid Runge commented on pull request wiktor/openpgp-dns-spec#1
Define OpenPGP DNS recordsWhere <fingerprint> represents exactly [..]
View ArticleDavid Runge commented on pull request wiktor/openpgp-dns-spec#1
Define OpenPGP DNS recordsThe following defines a unified URI format which allows to reference OpenPGP v4 certificates using the openpgp4fpr scheme outlined below.
View ArticleDavid Runge commented on pull request wiktor/openpgp-dns-spec#1
Define OpenPGP DNS records[..] require a place from which trusted information is distributed
View ArticleDavid Runge commented on pull request wiktor/openpgp-dns-spec#1
Define OpenPGP DNS recordsThe OpenPGP specification [..]
View ArticleDavid Runge commented on pull request wiktor/openpgp-dns-spec#1
Define OpenPGP DNS recordsan organization-wide OpenPGP Certificate Authority (CA)
View ArticleDavid Runge commented on pull request wiktor/openpgp-dns-spec#1
Define OpenPGP DNS recordsWhat is meant by append-only log in this context? How does it relate to the trust-related data?
View ArticleDavid Runge commented on pull request wiktor/openpgp-dns-spec#1
Define OpenPGP DNS recordsthrough the centralized DNS system.
View ArticleDavid Runge commented on pull request wiktor/openpgp-dns-spec#1
Define OpenPGP DNS records[..] in the DNS zone.
View ArticleDavid Runge commented on pull request wiktor/openpgp-dns-spec#1
Define OpenPGP DNS recordsOpenPGP version 4 fingerprints contains only characters in the unreserved set and therefore the scheme specific part of the URI does not need to be encoded.
View ArticleDavid Runge commented on pull request wiktor/openpgp-dns-spec#1
Define OpenPGP DNS records[..] to be verified may be
View ArticleDavid Runge commented on pull request wiktor/openpgp-dns-spec#1
Define OpenPGP DNS recordsShould ssh-openpgp-auth be noted here?
View ArticleDavid Runge commented on pull request wiktor/openpgp-dns-spec#1
Define OpenPGP DNS recordsfingerprints in the DNS records allow [..]
View ArticleDavid Runge commented on pull request wiktor/openpgp-dns-spec#1
Define OpenPGP DNS recordsThis stands somewhat in conflict with https://codeberg.org/wiktor/openpgp-dns-spec/pulls/1/files#issuecomment-1590556.
View ArticleDavid Runge commented on pull request wiktor/openpgp-dns-spec#1
Define OpenPGP DNS recordsApplications using this scheme may use the OpenPGP fingerprints to retrieve OpenPGP certificates by implementation-defined methods (e.g. keyserver lookup using the HTTP...
View ArticleDavid Runge commented on pull request wiktor/openpgp-dns-spec#1
Define OpenPGP DNS recordsURIs in the openpgp4fpr scheme are used to identify an OpenPGP key by its primary key fingerprint.
View ArticleDavid Runge commented on pull request wiktor/openpgp-dns-spec#1
Define OpenPGP DNS recordsMaybe then the following is a bit more clear:This document combines trust anchor provisioning through DNS with OpenPGP's append-only data structures which capture the entire...
View Article