WKD v05: DNS problem when requesting pubkey
Werner Koch
wk at gnupg.org
Fri Apr 6 16:21:32 CEST 2018
On Fri, 6 Apr 2018 09:58, bernhard at intevation.de said:
> My suggestion is to remove the SRV record requirement again, because otherwise
> we may exclude a significant number of users. Thus I'm thinking about better,
NACK. It is there for a reason.
> email provider cannot controll the policy file directly. Okay, so maybe a
> https redirect is easier?
In general this is true. But as I explained to you on the phone, there
are large mail providers who do not have a legal way to control the web
part but can change the DNS with the exception of the A, AAAA and CNAME
records used for the web service.
> That is another idea, thanks for bringing it up.
> Thinking about it: It would mean that SRV would only work for big providers
> that register this with each Web-Extension. (You don't want to introduce a
> central fixed list, wouldn't you. ;) )
That is how browser stuff works these days - too many things are already
centralized and thus adding another thing does not harm.
Shalom-Salam,
Werner
--
# Please read: Daniel Ellsberg - The Doomsday Machine #
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180406/c700a792/attachment.sig>
More information about the Gnupg-devel
mailing list