Web Key Directory

Werner Koch wk at gnupg.org
Fri May 13 21:11:55 CEST 2016

On Fri, 13 May 2016 17:03, guilhem at fripost.org said:

>   125 3. The provider checks that the received key has a User ID which
>   126     - matches an account name of the provider,
>   127     - and that the from address matches that account.
> In the second requirement, do you mean the (SMTP/LMTP) envelope from
> address, or the RFC 5322 From: header value?  I don't really understand

The From: value from RFC-2822.  For this purpose it is not really a
requirement but for attended use it is generally a good idea to match it
and print a warning.  But you are right, it does not belong here.

> challenge to all matching addresses?  (Also unlike Sender:, the From:
> header value can be set to multiple addresses.)

Thanks for reminding me about this; I renamed the "from" field in the
request and response to "sender" to make it clear that only one mailbox
is allowed.

> Also, it would be convenient to have the ability to filter out the
> confirmation requests client side.  If the Content-Type value is
> registered and reserved for that use only one could use it as selector;

Yes, that is the idea.  application/vnd.gnupg.wkd will be registered in
the vendor-tree as per RFC-6833.  Given that the GnuPG Project controls
the gnupg.{org,net,com} domains there should never be a conflict with
the vendor name even without having done the registration.



Thoughts are free.  Exceptions are regulated by a federal law.
    /* Single-family house in Erkrath: https://alt-hochdahl.de/haus */
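
The client-side filtering discussed in this message, as an added example that is not part of the original post and not GnuPG code: it selects mail by the reserved Content-Type and, because From: may list several mailboxes, treats anything other than exactly one expected sender as suspicious. The submission address, the sample messages and the routing policy are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Media type named in the message above; everything else here is assumed.
WKD_TYPE = "application/vnd.gnupg.wkd"


def wkd_parts(msg):
    """Return the MIME parts whose media type is exactly the reserved one."""
    # get_content_type() lowercases the value and drops parameters.
    return [p for p in msg.walk() if p.get_content_type() == WKD_TYPE]


def from_mailboxes(msg):
    """Return every mailbox in From:, which RFC 5322 allows to be a list."""
    pairs = getaddresses(msg.get_all("From", []))
    return [addr.lower() for _, addr in pairs if addr]


def classify(raw, provider_addr):
    """Route one raw message: 'normal', 'confirmation-request' or 'suspicious'.

    provider_addr is the address the user expects confirmation requests
    to come from (hypothetical configuration value).
    """
    msg = message_from_string(raw)
    if not wkd_parts(msg):
        return "normal"
    # The reserved type alone is not proof of origin: require a single
    # From: mailbox that matches the expected one, otherwise flag it.
    if from_mailboxes(msg) != [provider_addr.lower()]:
        return "suspicious"
    return "confirmation-request"


def sample(from_hdr, ctype):
    """Constructed two-part message; the bodies are placeholders."""
    return (
        f"From: {from_hdr}\nTo: alice@example.org\nSubject: test\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="b"\n\n'
        "--b\nContent-Type: text/plain\n\nhello\n"
        f"--b\nContent-Type: {ctype}\n\nplaceholder\n--b--\n"
    )


if __name__ == "__main__":
    expected = "key-submission@example.org"
    for frm in (expected, f"{expected}, mallory@example.net"):
        print(frm, "->", classify(sample(frm, WKD_TYPE), expected))
```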
