[Freedombox-discuss] Should the box do DANE for PGP?

Sandy Harris sandyinchina at gmail.com
Fri Aug 5 19:49:53 UTC 2016

The draft for authenticating PGP keys via DANE (DNS Authentication of
Named Entities) has just become an RFC. Unfortunately it took three
years and it is tagged as "experimental" rather than "standards
track", but at least it is now available.

This would let far more Box users send & receive PGP-encrypted
messages, so I'd say it is obviously a Good Thing, worth adding to Box

On the down side, it is not entirely secure without DNS-sec. Nor are
FreeS/WAN descendants which rely on DNS for authentication in IPsec.
Do we have any plan for the infrastructure to do DNS-sec on the Box?

More information about the Freedombox-discuss mailing list