WKD v06 (and CORS)
Bernhard Reiter
bernhard at intevation.de
Tue Jun 5 16:41:26 CEST 2018
Werner,
thanks for publishing WKD v06
looking at the diff [1] I see that you've
added the suggestion to avoid building and index, thanks!
I hope that you'll also consider loosening the phrasing of the DNS SRV record
so that implementors know that they will exclude a significant number of
requesting clients in the future if they rely on the DNS SRV record.
Personally I believe being independent of additional DNS requests is an
advantages that WKD has over VVV or some other pubkey distribution methods
proposed in the past.
There is another detail which could help WKD, as pointed out by Wiktor,
a regular web-app would need to get a CORS header from the WKD-server
in order to fully use the results, see
https://github.com/mailvelope/mailvelope/issues/580#issuecomment-394690051
Hereby I suggest to add this as SHOULD to the WKD spec.
Rationale: Making this a MUST would put some more requirements on the serving
side, which we want to avoid, as right now just placing a few files on a web
server is enough (and not all allow setting headers in the served files
itself as far as I know).
Web Extensions (like Mailvelope) do not need the CORS header (AFAIK).
Best Regards,
Bernhard
ps.: Could you make it a habit to drop a short email to gnupg-devel when you
publish a new WKD, I'd appreciate it. Thanks!
[1]
https://www.ietf.org/rfcdiff?url1=draft-koch-openpgp-webkey-service-05&url2=draft-koch-openpgp-webkey-service-06
--
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180605/77cc57fd/attachment-0001.sig>
More information about the Gnupg-devel
mailing list