AW: Web Key Service server lookup

Peter Lebbing peter at digitalbrains.com
Tue Nov 1 16:14:00 CET 2016


On 01/11/16 12:49, Jürgen Schäpker wrote:
> Another potential issue in the draft: the domain-part seems to be taken from
> the request URL. In a number of hosting configurations, e.g. via reverse
> proxy, the request URL might by default be rewritten (though in some
> configurations it might be recoverable from X-Forwarded-Host header). In case
> the original requester host cannot be determined, this would create potential
> collisions on WKDs answering for multiple domains, e.g. it couldn't discern
> the hashes for joe at for.com and joe at bar.com.

So this is a webserver that serves the exact same for any request for the site
at http://for.com/ and the site at http://bar.com/ and this is not an explicit
decision by the admin but a consequence of limitations of the setup? Sounds
esoteric enough to ignore to me.

My 2 cents,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
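
The collision raised in the quoted message, and a lookup that refuses to guess the domain, as an added example (not part of the original message, and not GnuPG code). It assumes a lookup URL of the form `/.well-known/openpgpkey/hu/<hash>` in which the hash covers only the local-part, so the domain must come from the request host. `KEYS`, `TRUSTED_PROXIES`, the proxy address and the function names are hypothetical.

```python
import hashlib

ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet
PREFIX = "/.well-known/openpgpkey/hu/"     # assumed lookup path

def wkd_hash(local_part):
    """SHA-1 of the lowercased local-part, z-base-32 encoded (32 chars)."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    n = int.from_bytes(digest, "big")
    # 160 bits -> 32 groups of 5 bits, most significant group first
    return "".join(ZB32[(n >> shift) & 31] for shift in range(155, -1, -5))

# Constructed key store: one backend answering for two domains.
# Both entries share the same hash, so the domain is part of the key.
KEYS = {
    ("for.com", wkd_hash("joe")): b"<key of joe@for.com>",
    ("bar.com", wkd_hash("joe")): b"<key of joe@bar.com>",
}
TRUSTED_PROXIES = {"10.0.0.1"}  # assumed address of the reverse proxy

def requested_domain(peer_ip, headers):
    """Return the domain the client asked for, or None if unknown."""
    host = headers.get("Host", "")
    if peer_ip in TRUSTED_PROXIES:
        # Only a known proxy may override Host with X-Forwarded-Host.
        host = headers.get("X-Forwarded-Host", host).split(",")[0]
    host = host.strip().lower().split(":")[0]  # drop any port
    served = {domain for domain, _ in KEYS}
    return host if host in served else None

def lookup(peer_ip, headers, path):
    """Return the key for (domain, hash), or None when either is unknown."""
    domain = requested_domain(peer_ip, headers)
    if domain is None or not path.startswith(PREFIX):
        return None  # refuse rather than guess which domain was meant
    return KEYS.get((domain, path[len(PREFIX):]))

if __name__ == "__main__":
    path = PREFIX + wkd_hash("joe")
    print(lookup("203.0.113.5", {"Host": "for.com"}, path))
    print(lookup("10.0.0.1", {"Host": "backend.internal"}, path))
```

When the proxy rewrites `Host` and sends no `X-Forwarded-Host`, the lookup returns nothing instead of serving one domain's key for the other.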


