Mail provider simplifies pgp key management via dns server

Spread the love

The German mail provider is the first worldwide to switch to the use of Openpgpkey. With this standard, exchanging pgp public keys is done via dnssec, which would make it easier and more secure., a German provider of secure e-mail services, reports making it possible to exchange PGP public keys via DNS servers., which provides both free mailboxes with advertising and paid subscriptions, uses the Anycast-dns network of the German provider irondns.

The problem with exchanging PGP public keys is that there is no standardized, trusted method. There are key servers that work on the basis of the HTTP Keyserver Protocol, but they do nothing more than store and publish keys. There is no form of validation and users must take steps beforehand to ensure that they can revoke their keys, otherwise this is no longer possible.

To create a standardized and secure alternative to linking email address and public pgp key, an IETF specification called Openpgpkey has been developed that uses dns resource record types. The dns rr type is protected via dnssec.

The advantage of Openpgpkey, according to, is that only owners of an email address can add a public key, the key cannot be manipulated via a man-in-the-middle attack, users can easily delete and change their keys and the database with keys is not susceptible to abuse by spammers.

You might also like