WKD lookup (Re: Web Key Service server lookup)
Juergen.Schaepker at giepa.de
Sun Nov 6 13:40:57 CET 2016
"Werner Koch" <wk at gnupg.org> wrote:
>> How exactly is the domain-part supposed to be determined by the WKD
>Strip everything up to and including the first '@' from the (UTF_8
My question was apparently ambiguous. My concern is the WKD server. How
does a WKD server know which domain it is serving for when the request
HOST header is modified (e.g. by a reverse proxy) and so the domain-part
cannot be determined from that?
The WKD server is intended to provide keys for a.com, a.net, a.de,
bass.de, baß.de, Äppelwoi.de etc. WKD is redirected from all those
domains to some server at wkd.unrelated.com. At least from one of those
domains redirection is done by a request-modifying reverse proxy, e.g.
a.net requests reach the WKD with HOST reverse.nota.com.
The lookup hash for email addresses with local-part "joe" is the same
for all domains (if I don't misunderstand something fundamental in the
current draft) so there is always ambiguity. And non-ASCII local-parts
will only match by pure chance because they are not normalized.
I don't think the need to use RFC 3490 ToASCII (or similar) can be
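An added example, not part of the original post and not GnuPG code, showing the two ambiguities the message describes. It assumes the lookup hash of the WKD draft (SHA-1 over the local-part with only ASCII upper-case letters mapped to lower case, then z-base-32); the names wkd_hash and ambiguous are hypothetical.

```python
import hashlib
import string
import unicodedata

ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet
ASCII_LOWER = str.maketrans(string.ascii_uppercase, string.ascii_lowercase)

def zbase32(data: bytes) -> str:
    """Encode bytes as z-base-32, 5 bits per output character."""
    bits = "".join(f"{b:08b}" for b in data)
    bits += "0" * (-len(bits) % 5)
    return "".join(ZB32[int(bits[i:i + 5], 2)] for i in range(0, len(bits), 5))

def wkd_hash(addr: str) -> str:
    """Lookup hash: only the local-part is hashed, the domain is dropped."""
    local = addr.partition("@")[0]            # text before the first '@'
    local = local.translate(ASCII_LOWER)      # ASCII-only case mapping
    return zbase32(hashlib.sha1(local.encode("utf-8")).digest())

def ambiguous(addresses, with_domain):
    """Return groups of addresses that share one server-side lookup key."""
    table = {}
    for addr in addresses:
        domain = addr.partition("@")[2]       # text after the first '@'
        key = (domain, wkd_hash(addr)) if with_domain else wkd_hash(addr)
        table.setdefault(key, []).append(addr)
    return [group for group in table.values() if len(group) > 1]

# Constructed sample: one local-part on three of the domains named in the post.
SAMPLE = ["joe@a.com", "joe@a.net", "joe@a.de"]
# Constructed sample: the same visible local-part in two Unicode forms.
NFC = unicodedata.normalize("NFC", "m\u00fcller") + "@a.de"
NFD = unicodedata.normalize("NFD", "m\u00fcller") + "@a.de"

if __name__ == "__main__":
    print("hash only      :", ambiguous(SAMPLE, with_domain=False))
    print("domain + hash  :", ambiguous(SAMPLE, with_domain=True))
    print("NFC local-part :", wkd_hash(NFC))
    print("NFD local-part :", wkd_hash(NFD))
```

A server that cannot recover the domain from the request can only use the hash as its key, which is the first case; the second case needs the domain to reach the server unmodified.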