WKD v06 (and CORS)

Bernhard Reiter bernhard at intevation.de
Tue Jun 5 16:41:26 CEST 2018


Werner,
thanks for publishing WKD v06
looking at the diff [1] I see that you've
added the suggestion to avoid building and index, thanks!

I hope that you'll also consider loosening the phrasing of the DNS SRV record
so that implementors know that they will exclude a significant number of 
requesting clients in the future if they rely on the DNS SRV record.

Personally I believe being independent of additional DNS requests is an 
advantages that WKD has over VVV or some other pubkey distribution methods
proposed in the past.

There is another detail which could help WKD, as pointed out by Wiktor,
a regular web-app would need to get a CORS header from the WKD-server
in order to fully use the results, see
  https://github.com/mailvelope/mailvelope/issues/580#issuecomment-394690051
Hereby I suggest to add this as SHOULD to the WKD spec.

Rationale: Making this a MUST would put some more requirements on the serving 
side, which we want to avoid, as right now just placing a few files on a web 
server is enough (and not all allow setting headers in the served files 
itself as far as I know).

Web Extensions (like Mailvelope) do not need the CORS header (AFAIK).

Best Regards,
Bernhard
ps.: Could you make it a habit to drop a short email to gnupg-devel when you 
publish a new WKD, I'd appreciate it. Thanks!

[1] 
https://www.ietf.org/rfcdiff?url1=draft-koch-openpgp-webkey-service-05&url2=draft-koch-openpgp-webkey-service-06

-- 
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180605/77cc57fd/attachment-0001.sig>


More information about the Gnupg-devel mailing list