Web Key Directory - HTTP Redirect?
wiktor at metacode.biz
Mon Dec 17 21:09:34 CET 2018
On 16.12.2018 11:40, Patrick Brunschwig wrote:
> When a client does Key Discovery using the Web Key Directory, should it
> follow HTTP Redirects (HTTP Status 302) or is that not foreseen?
Hi Patrick, I've asked that question some time ago and the answer was
"redirects should be followed".
There are some restrictions implemented recently for the Location header:
This page gives more details:
(as a side note it's interesting because this "CSRF" in GnuPG would not send any
cookies and the attack described in the advisory shows rather an issue with the
receiving app, not GnuPG... but that's a side note...)