On 2020-08-04 at 16:46 +0200, Werner Koch via Gnupg-users wrote:
> Yes, privacy. But that is just a welcome side-effect. What we need is
> that the domain is authenticated so that we can consider the key to be
> valid at a certain level. I see no way how you can do this via an
> anonymizer because the two goals are in contradiction.

Isn't that what a static mapping file accomplishes? Not a good longer-term solution, but buys the ability to explore the problem space.

E.g., there could be DNSSEC-signed records in DNS saying "this string is equivalent for TOR". If DNS is routed over TOR then the object signing gives you that assurance. You get privacy and assurance. DNSSEC means you no longer need to care how you get the responses, provided that there's a DS trust chain down to the result you want.

So spitballing wildly, `_tor_https.example.org` as a set of TXT records could provide one domain each which are equivalent.

-Phil