Web Key Service server lookup

Jürgen Schäpker Juergen.Schaepker at giepa.de
Fri Oct 28 10:58:59 CEST 2016


Hi,
thanks for the answer, Werner. I’m still not sure what the functional advantage is for using binary instead of armored, though.
An idea on setup simplicity: currently the request URL is composed as
https://example.org/.well-known/openpgpkey/hu/XXXX
This usually requires some form of redirection to the actual WKD server (when it’s not the same as the one running at example.org). To make life easier for admins (specifically in small business scenarios) I would like to suggest that if https://example.org/.well-known/openpgpkey/hu/XXXX returns a 404 or timeout error, another attempt should be made at a subdomain like
https://keys.example.org/.well-known/openpgpkey/hu/XXXX (or https://wkd.example.org/.well-known/openpgpkey/hu/XXXX).
I imagine this could ease setting up a WKD server significantly (e.g. when modifications to a main server are difficult because of bureaucracy etc.).
https://wiki.gnupg.org/EasyGpg2016/PubkeyDistributionConcept suggests a priority list for looking up keys – are those lookup-attempts meant to work only in sequence or in parallel and what timeouts should be used?

Best regards,
JS
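
The fallback lookup proposed in the message above, as an added example that is not part of the original post or of GnuPG's code: it builds the primary URL and the two suggested subdomain URLs and tries them in sequence, moving on only after a 404 or a timeout. The `XXXX` element is computed as in the WKD draft (SHA-1 of the lowercased local part, z-base-32 encoded); the function names, the `fetch` callback and the sample responses are assumptions made for illustration.

```python
import hashlib

ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet

def zbase32(data: bytes) -> str:
    """Encode bytes as z-base-32, 5 bits per character, no padding."""
    bits = "".join(f"{b:08b}" for b in data)
    bits += "0" * (-len(bits) % 5)
    return "".join(ZB32[int(bits[i:i + 5], 2)] for i in range(0, len(bits), 5))

def wkd_hash(local_part: str) -> str:
    """The XXXX path element: SHA-1 of the lowercased local part, z-base-32."""
    return zbase32(hashlib.sha1(local_part.lower().encode("utf-8")).digest())

def candidate_urls(address: str, fallback_labels=("keys", "wkd")) -> list:
    """Primary WKD URL first, then the subdomain fallbacks proposed in the post."""
    local, _, domain = address.rpartition("@")
    if not local or not domain:
        raise ValueError("not an e-mail address: %r" % address)
    domain = domain.lower()
    path = "/.well-known/openpgpkey/hu/" + wkd_hash(local)
    hosts = [domain] + [f"{label}.{domain}" for label in fallback_labels]
    # Every candidate stays on HTTPS and under the mail domain itself.
    return [f"https://{host}{path}" for host in hosts]

def lookup(address: str, fetch):
    """Try candidates in sequence; fall through only on 404 or timeout.

    `fetch(url)` is a caller-supplied function (an assumption of this example)
    returning (status, body) and raising TimeoutError on timeout.
    Returns (url, body) on success, else None.
    """
    for url in candidate_urls(address):
        try:
            status, body = fetch(url)
        except TimeoutError:
            continue
        if status == 200:
            return url, body
        if status != 404:
            return None  # any other answer is treated as final
    return None

# Constructed sample: example.org has no WKD, keys.example.org serves the key.
def fake_fetch(url):
    if url.startswith("https://example.org/"):
        return 404, b""
    if url.startswith("https://keys.example.org/"):
        return 200, b"constructed-key-bytes"
    raise TimeoutError(url)
```
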