WKD v05: DNS problem when requesting pubkey

Werner Koch wk at gnupg.org
Fri Apr 6 16:21:32 CEST 2018

On Fri,  6 Apr 2018 09:58, bernhard at intevation.de said:

> My suggestion is to remove the SRV record requirement again, because otherwise 
> we may exclude a significant number of users. Thus I'm thinking about better, 

NACK.  It is there for a reason.

> email provider cannot controll the policy file directly. Okay, so maybe a 
> https redirect is easier?

In general this is true.  But as I explained to you on the phone, there
are large mail providers who do not have a legal way to control the web
part but can change the DNS with the exception of the A, AAAA and CNAME
records used for the web service.

> That is another idea, thanks for bringing it up.
> Thinking about it: It would mean that SRV would only work for big providers 
> that register this with each Web-Extension. (You don't want to introduce a 
> central fixed list, wouldn't you. ;) )

That is how browser stuff works these days - too many things are already
centralized and thus adding another thing does not harm.



#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180406/c700a792/attachment.sig>

More information about the Gnupg-devel mailing list