AW: WKD lookup (Re: Web Key Service server lookup)

Jürgen Schäpker Juergen.Schaepker at giepa.de
Wed Nov 2 13:24:53 CET 2016


Hi,

>The 00 version of the draft had the "domain" part in the url,
>however Werner decided to remove this, the mains reason being url
>encoding and trouble with international domain names.

I'd believe WKD servers need to normalize domain names in any case, this normalization should be in the standard.

>> I'm still not sure though why the hash shouldn't be designed by default as
>> a unique ID, using the complete email address. Doing that removes the need
>> for the server to know which domains it provides the lookup for.

>I'd say that the server must know which email domains it will serve pubkeys 
>for anyway. And it must be encoded in the request url anyway, because this is
>the only little trust anchor via checking the TLS cert. The 02 draft design 
>meet the minimalist requirement for good design in this regard.

The request URL will be modified e.g. by default by most reverse proxies. You cannot rely on it containing the original host domain name. 


Best regards,
JS




More information about the Gnupg-devel mailing list