WKD v05: DNS problem when requesting pubkey

Werner Koch wk at gnupg.org
Thu Apr 5 12:50:57 CEST 2018


On Thu,  5 Apr 2018 12:02, bernhard at intevation.de said:

> However according to my research, code running inside a web browser - either 
> from a webpage or as extension - **cannot do a DNS request** on its own. 

Which also means they can't do proper keyserver lookups.  Or implement
XMPP or any other protocol with mandatory SRV record.  SRV records are
in use for more than 18 years:

  2782 A DNS RR for specifying the location of services (DNS SRV). A.
       Gulbrandsen, P. Vixie, L. Esibov. February 2000. (Format: TXT=24013
       bytes) (Obsoletes RFC2052) (Updated by RFC6335) (Status: PROPOSED
       STANDARD) (DOI: 10.17487/RFC2782) 

And RFC-2052 dates back to 1996.

> Pondering other solutions: from Thomas Oberndörfer I've got the idea that we 
> could use the mandatory policy file to allow a "redirect". This may be easier 

This does not work.  The policy file has the same well-known URL prefix
and thus the SRV record should have already been consulted.  In general
an SRV record is not required and I expect that most Web key directories
won't use that anyway.  Thus the failure rate would be quite low and can
maybe be mitigated by a fixed list of domains which redirect to a sub
directory.  If you want to test the SRV record, use my address which uses
an SRV record just for testing.


Salam-Shalom,

   Werner

-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
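The point above is that the policy file and the key live under one well-known prefix, so a client must resolve the SRV record before it fetches either of them. The following is an added illustration, not code from this thread, from GnuPG or from the WKD draft: it derives both URLs from the same base, consulting an injectable SRV resolver first. It assumes the draft-05 layout as I understand it (`_openpgpkey._tcp.<domain>` SRV record whose target and port replace the domain, key under `/.well-known/openpgpkey/hu/<hash>`, policy under `/.well-known/openpgpkey/policy`, hash = z-base-32 of SHA-1 of the lower-cased local part); the SRV answers in `FAKE_SRV` are constructed, and `choose_srv` picks lowest priority then highest weight deterministically rather than the weighted random choice RFC 2782 specifies.

```python
import hashlib
from typing import Callable, Dict, List, Optional, Tuple

# z-base-32 alphabet, the encoding WKD uses for the hashed local part.
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"

# One SRV answer as (priority, weight, port, target).
SrvRecord = Tuple[int, int, int, str]


def zbase32(data: bytes) -> str:
    """Encode bytes as z-base-32: big-endian 5-bit groups, no padding."""
    acc, nbits, out = 0, 0, []
    for byte in data:
        acc = (acc << 8) | byte
        nbits += 8
        while nbits >= 5:
            nbits -= 5
            out.append(ZBASE32[(acc >> nbits) & 31])
    if nbits:  # left-align the leftover bits in a final group
        out.append(ZBASE32[(acc << (5 - nbits)) & 31])
    return "".join(out)


def wkd_hash(local_part: str) -> str:
    """Hashed local part: z-base-32(SHA-1(lower-cased local part))."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    return zbase32(digest)


def choose_srv(records: List[SrvRecord]) -> Optional[Tuple[str, int]]:
    """Pick (target, port): lowest priority, then highest weight.

    Simplification (assumption of this example): RFC 2782 calls for a
    weighted random choice among records of equal priority.
    """
    if not records:
        return None
    _prio, _weight, port, target = min(records, key=lambda r: (r[0], -r[1]))
    return target, port


def wkd_urls(address: str,
             srv_lookup: Callable[[str], List[SrvRecord]]) -> Dict[str, str]:
    """Return the policy and key URLs for a mail address.

    The SRV record is consulted once, and both URLs share the resulting
    base, which is why the policy file cannot carry the redirect itself.
    """
    local, domain = address.rsplit("@", 1)
    domain = domain.lower()
    host, port = domain, 443  # direct method unless an SRV record says otherwise
    chosen = choose_srv(srv_lookup(f"_openpgpkey._tcp.{domain}"))
    if chosen:
        host, port = chosen
    authority = host if port == 443 else f"{host}:{port}"
    base = f"https://{authority}/.well-known/openpgpkey"
    return {"policy": f"{base}/policy", "key": f"{base}/hu/{wkd_hash(local)}"}


# Constructed SRV answers standing in for a real resolver (offline demo).
FAKE_SRV: Dict[str, List[SrvRecord]] = {
    # example.org has no SRV record -> direct method on the domain itself
    "_openpgpkey._tcp.redirect.example": [
        (10, 5, 443, "keys.redirect.example"),
        (20, 0, 8443, "backup.redirect.example"),
    ],
    "_openpgpkey._tcp.lab.example": [(0, 0, 8443, "wkd.lab.example")],
}


def fake_srv_lookup(name: str) -> List[SrvRecord]:
    """Stand-in for a DNS SRV query against the constructed table."""
    return FAKE_SRV.get(name, [])


if __name__ == "__main__":
    for addr in ("Joe.Doe@Example.ORG", "alice@Redirect.Example", "bob@lab.example"):
        print(addr, wkd_urls(addr, fake_srv_lookup))
```

The `Joe.Doe@Example.ORG` address is the draft's own test vector: its hashed local part is `iy9q119eutrkn8s1mk4r39qejnbu3n5q`, which is what `gpg-wks-client --print-wkd-hash` prints for it.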