WKD spec, draft 05
Bernhard Reiter
bernhard at intevation.de
Thu Jan 4 17:13:16 CET 2018
Moin Werner,
a happy new year to you and all GnuPG people!
Just saw today that you have published a v05 of
https://datatracker.ietf.org/doc/draft-koch-openpgp-webkey-service
(I like the diff tool [1] to check changes.)
* What is a good way to track the development of the draft?
Does the IETF offer a tool to send me an email if a new revision is
published? Could you drop me (and the devel-list) an email if a new
revision is there?
* The new requirement for serving WELLKNOWN/policy to be able to detect
the existence of the service makes sense to me. Especially because I believe
that the draft should state that the server MUST prevent walking
the list of available pubkeys for privacy reasons, for instance by disabling
the directory display function of a web server.
Can you add the statement to the next revision?
Rationale for suggesting MUST over SHOULD:
I can see use cases for re-using
.well-known/openpgpkey/hu/ as a way to publish all OpenPGP pubkeys
at once, but I'd say that this is the exceptional case and there are better
methods of publishing a set of pubkeys, e.g. by using a single file with
several pubkeys or by generating an HTML page with all email addresses.
* There is a typo in v05:
    The file contains keywords and optioanlly values
  probably should be
    The file contains keywords and optional values
Best Regards,
Bernhard
[1]
https://www.ietf.org/rfcdiff?url1=draft-koch-openpgp-webkey-service-04&url2=draft-koch-openpgp-webkey-service-05&difftype=--html
--
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
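
Added example (not part of the original message and not GnuPG code): an operator-side check for the two server properties discussed above, namely that WELLKNOWN/policy is served and that WELLKNOWN/hu/ does not return a directory listing. The function name, the listing markers and the sample responses are assumptions constructed for illustration; the 32-character z-base-32 file names follow the WKD draft.

```python
import re

# WKD stores each key under hu/ as a 32-character z-base-32 name (per the WKD draft).
ZB32_NAME = re.compile(r"\b[ybndrfg8ejkmcpqxot1uwisza345h769]{32}\b")
# Assumed markers of common auto-generated index pages; extend for your server.
LISTING_MARKERS = ("Index of /", "Directory listing for")


def audit_wkd(policy_resp, hu_resp):
    """Check (status, body) pairs fetched from WELLKNOWN/policy and WELLKNOWN/hu/.

    Returns a list of findings; an empty list means both properties hold.
    """
    findings = []
    policy_status, _ = policy_resp
    if policy_status != 200:
        findings.append("policy: not served, clients cannot detect the service")

    hu_status, hu_body = hu_resp
    if hu_status == 200:
        # A 200 answer that names key files or looks like an index page is a listing.
        names = sorted(set(ZB32_NAME.findall(hu_body)))
        if names or any(marker in hu_body for marker in LISTING_MARKERS):
            findings.append(f"hu/: directory listing exposes {len(names)} key name(s)")
    return findings


# Constructed sample responses (not captured from any real server).
SAMPLE_NAME = "8ejkmcpqxot1uwisza345h769ybndrfg"
LISTING_ON = (200, '<title>Index of /.well-known/openpgpkey/hu</title>'
                   f'<a href="{SAMPLE_NAME}">{SAMPLE_NAME}</a>')
LISTING_OFF = (403, "Forbidden")
POLICY_OK = (200, "")  # body content is not inspected by this check
POLICY_MISSING = (404, "Not Found")

if __name__ == "__main__":
    for label, policy, hu in [("hardened", POLICY_OK, LISTING_OFF),
                              ("listing enabled", POLICY_OK, LISTING_ON),
                              ("no policy file", POLICY_MISSING, LISTING_OFF)]:
        print(label, "->", audit_wkd(policy, hu) or "ok")
```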