Provided by: sq_0.37.0-1_amd64 bug

NAME
       sq network dane - Retrieve and publishes certificates via DANE


SYNOPSIS
       sq network dane generate [OPTIONS] FQDN CERT-RING
       sq network dane fetch [OPTIONS] ADDRESS


DESCRIPTION
       Retrieve and publishes certificates via DANE.

       DNS-Based  Authentication  of  Named  Entities  (DANE)  is  a  method  for  publishing and
       retrieving certificates in DNS as specified in RFC 7929.


SUBCOMMANDS
   sq network dane generate
       Generate DANE records for the given domain and certs.

       The certificates are minimized, and one record per email address is emitted.  If  multiple
       user  IDs map to one email address, then all matching user IDs are included in the emitted
       certificates.

       By default,  OPENPGPKEY  resource  records  are  emitted.   If  your  DNS  server  doesn't
       understand those, use `--generic` to emit generic records instead.

   sq network dane fetch
       Retrieve certificates using DANE.

       By default, any returned certificates are stored in the local certificate store.  This can
       be overridden by using `--output` option.

       When a certificate is retrieved using DANE, and imported into the local certificate store,
       any  User  IDs  with  the  email  address that was looked up are certificated with a local
       DANE-specific key.  That proxy certificate is in turn certified as a minimally trusted  CA
       (trust  amount:  1 of 120) by the local trust root.  How much the DANE proxy CA is trusted
       can be tuned using `sq pki link add` or `sq pki link retract` in the usual way.


EXAMPLES
   sq network dane generate
       Generate DANE records from certs.pgp for example.com.

              sq dane generate example.com certs.pgp


SEE ALSO
       sq(1), sq-network(1), sq-network-dane-generate(1), sq-network-dane-fetch(1).

       For the full documentation see <https://book.sequoia-pgp.org>.


VERSION
       0.34.0 (sequoia-openpgp 1.19.0)