From 9ac31f91b10059474da1c9580fb99e94278d4c11 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Tue, 6 Oct 2015 20:31:43 +0200
Subject: gpg: Add new --auto-key-locate mechanism "dane".

* g10/call-dirmngr.c (gpg_dirmngr_dns_cert): Allow fetching via DANE.
* g10/keyserver.c (keyserver_import_cert): Add arg "dane_mode".
* g10/options.h (AKL_DANE): New.
* g10/getkey.c (get_pubkey_byname): Implement AKL_DANE.
(parse_auto_key_locate): Ditto.
--

To test this use

  gpg --auto-key-locate clear,dane,local --locate-key -v wk@gnupg.org

Signed-off-by: Werner Koch <wk@gnupg.org>
---
 doc/gpg.texi | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'doc')

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 7d78e9e3e..980d32643 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1463,6 +1463,10 @@ mechanisms, in the order they are to be tried:
   @item pka
   Locate a key using DNS PKA.
 
+  @item dane
+  Locate a key using DANE, as specified
+  in draft-ietf-dane-openpgpkey-05.txt.
+
   @item ldap
   Using DNS Service Discovery, check the domain in question for any LDAP
   keyservers to use.  If this fails, attempt to locate the key using the
-- 
cgit v1.2.3