[Freedombox-discuss] Should the box do DANE for PGP?

[Sandy Harris]

The draft for authenticating PGP keys via DANE (DNS Authentication of
Named Entities) has just become an RFC. Unfortunately it took three
years and it is tagged as "experimental" rather than "standards
track", but at least it is now available.
https://tools.ietf.org/html/rfc7929

This would let far more Box users send & receive PGP-encrypted
messages, so I'd say it is obviously a Good Thing, worth adding to Box
software.

On the down side, it is not entirely secure without DNS-sec. Nor are
FreeS/WAN descendants which rely on DNS for authentication in IPsec.
Do we have any plan for the infrastructure to do DNS-sec on the Box?