PKA for fellows

• Previous message (by thread): FSF Europe Newsletter
• Next message (by thread): FAQ for giving lectures to students
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi!

I'd like to foster the development of the PKA idea and offer FSFE
fellows to install the record for them.

PKA is the Public Key Association and a way to establish validity of
keys by means of DNS[1].  It also allows for opportunistic encryption.
GnuPG 1.4.3 has support for it.  We merely need to add support for
some more MUAs. As of now only Sylpheed-Claws has limited support,
Mutt will definitley be the next MUA to support.  Having a couple of
actual entries would really help in testing and thus I'd like to ask
the FSFE fellows to participate in this.

There is paper on PKA available, but it is only in German:
http://g10code.com/docs/pka-intro.de.pdf . I still need to write an
English version.  The ML gnupg-devel at gnupg.org should also carry some
discussion about it.  With some actual records in the fsfe.org zone we
could start experimenting with it.  As soon as we have come around to
add support to Mutt, I'll create a small howto.

What you need to do is sending me <wk at gnupg.org> a mail with the
subject "PKA record" and your fellowship account name, fingerprint and
optionally the URL to retrieve your key.  Thus the body should look
like this:

name: werner
fpr:  A4D94E92B0986AB5EE9DCD755DE249965B0358A2
uri:  finger:wk at g10code.com"

As a gpg user you should know how to get your fingerprint (FPR),
keeping the space gpg prints is fine.  The URI line is optional, if
you give it, use the URL with the canoncial address of your keys.
Many folks use a webpage for this, for them it should be http://xxxx;
if you are using only a keyserver, you may use a URI but it is not
really needed then.

Obviously this mail should be signed so that I have a chance to verify
that this mail is actually from you.  Please only people with an
active fsfe.org account; I can only change this zone file for you.



Shalom-Salam,

   Werner


[1] Yes, we all know that DNS is not secure, but lets hope the best
    and assume that DNSSEC will eventually be deployed.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://lists.fsfe.org/pipermail/discussion/attachments/20060411/96b08c41/attachment.sig>

• Previous message (by thread): FSF Europe Newsletter
• Next message (by thread): FAQ for giving lectures to students
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]