| Internet-Draft | PGP fingerprints in the DNS | February 2024 |
| Kwapisiewicz | Expires 31 August 2024 | [Page] |
This document specifies a new scheme for verifying authenticity of OpenPGP certificates through the DNS system. The certificates to be verified may be organization-wide OpenPGP Certificate Authority (CA) certificates or individual certificates of owners in the DNS zone.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 31 August 2024.¶
Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.¶
The OpenPGP specification [RFC4880] defines message formats and cryptographic primitives with day-to-day use but does not specify a scheme for verifying the authenticity of a certificate containing an identity claim (i.e. a User ID with an email address of a particular domain). Organizations need a centralized solution for distributing trust data to their employees and as such require a place from which the trusted information flows to the clients. DNS is a natural place used by other similar specifications such as CAA Resource Records [RFC8659] and SSHFP [RFC4255].¶
The method described in this document allows defining trusted OpenPGP certificates through the centralized DNS system. The system is both lightweight, as it uses existing standardized mechanisms and secure, as it depends on DNS security [RFC4033] and OpenPGP certificates.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].¶
The following terms are used in this document:¶
The following defines a unified URI format which allows to reference OpenPGP v4 certificates using the openpgp4fpr scheme outlined below.¶
URI format:¶
openpgp4fpr:<fingerprint>¶
Where fingerprint represents exactly 40 characters of lower and upper-case letters A, B, C, D, E, F and digits (0-9).¶
The same can be formally defined using Augmented Backus-Naur Form:¶
openpgp4fpr-uri = "openpgp4fpr:" fingerprint fingerprint = 40*40HEXDIG¶
Example of an openpgp4fpr URI:¶
openpgp4fpr:653909A2F0E37C106F5FAF546C8857E0D8E8F074¶
URIs in the openpgp4fpr scheme are used to identify an OpenPGP key by its primary key fingerprint.¶
Applications using this scheme may use the OpenPGP fingerprints to retrieve OpenPGP certificates by implementation-defined methods (e.g. keyserver lookup using the HTTP Keyserver Protocol).¶
As a fingerprint contains only characters in the unreserved set [RFC3986] there is no need to encode the scheme specific part of the URI.¶
DNS records containing OpenPGP fingerprints are regular DNS TXT records (as specified in [RFC1034]) where the text content of the record is an openpgp4fpr URI defined in the previous section.
Since a DNS hostname can contain multiple TXT records, the hostname can also contain multiple openpgp4fpr URIs.¶
To avoid DNS attacks clients MUST use DNSSEC [RFC4033] to verify records which form the basis of trust decisions.¶
Clients which contain a Web of Trust implementation SHOULD treat the DNS fingerprints as trust-roots in their Web of Trust algorithm. Lean clients which do not contain a Web of Trust engine SHOULD use only certificates for which a corresponding fingerprint is present in the DNS zone.¶
If multiple records are set, all of them should be treated as trust-roots. This allows seamless key rollover where a new key is introduced but the old one is still trusted in the migration phase. Additionally this allows using separate keys for clients using different algorithms for primary keys.¶
This document combines trust anchor provisioning through DNS with OpenPGP's append-only data structures which capture the entire lifecycle of a certificate.¶
It is paramount that the clients use only authenticated DNS responses. As such DNSSEC [RFC4033] usage is REQUIRED. The client MAY use additional logic to filter-out insecure algorithms and MUST properly handle revocation and expiration mechanisms already present in OpenPGP [RFC4880].¶
Since this specification reuses already specified elements such as the DNS TXT records [RFC1035] and OpenPGP certificates [RFC4880] there are no IANA actions requested at this time.¶
The author wishes to thank and acknowledge all contributions of the following people: David Runge, Yarmo Mackenbach.¶