Questions about Web Key Directory I-D version 06

Werner Koch wk at
Mon May 28 11:30:55 CEST 2018

On Wed, 23 May 2018 20:35, gnupg-devel at said:

> If the HTTP response is a redirect code (301, etc.) should it be
> followed? As far as I can see both gnupg and servers in the wild

I'd say yes.  This is a part of the HTTP specification and thus not
explicity mentioned in the I-D.

> (e.g. utilize redirects. Are there any restrictions
> to these redirects (e.g. only to https schemes? or is http also
> allowed?).

http is never allowed anywhere for any purpose.

Restrictions are the max. number of allowed redirections; this is
implementation defined.

> 2. The I-D mentions in several places Content-Type:
> application/octet-string, I think this is a typo, it should be
> application/octet-stream.

Thanks for noting.  I found one place and fixed it.

> Sub-question: is there no better media type? I've browsed the IANA
> registry, sadly application/pgp-keys is only for armored keys (RFC 3156 [1]).

application/octet-stream is the easiest thing and usual the default a
server will use if if can't figure out otherwise.



#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <>

More information about the Gnupg-devel mailing list