WKD: Subdomain openpgpkey

Christoph Klassen christoph-klassen at mail.de
Fri Nov 12 14:35:48 CET 2021

On 09.11.21 08:33, Werner Koch wrote:
> No.  If you get an IP address to connect to, the server exists.  I'll
> add a note to the specs to clarify this.

It could also be that the DNS name can be resolved, but no web server 
exists or the server is offline.

There are these cases:

* A request for a pubkey gets a response with status 200.
* A request for a pubkey gets a response, but with a negative status like 
* A request isn't successful because of a NetworkError. In this case it's 
not possible to say if the DNS name couldn't be resolved or if there is 
no web server.

A suggestion is that the direct method will only be used if the third 
case occurs. Resolving DNS names would make it more difficult to 
implement WKD (which was thought of as an easy solution to retrieve 
pubkeys) and maybe it's not always possible. For example, I'm not sure 
if extensions for internet browsers can do this.
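
The three cases listed in this message, with the suggested rule of trying the direct method only in the third case, as an added sketch that is not code from the message or from GnuPG. The names `wkdUrls`, `lookupKey` and `fetchFn` are hypothetical, the URL layout and z-base-32 hashing follow the WKD draft, and Node's `crypto` module is assumed for SHA-1.

```javascript
// Added example (not from the original message). fetchFn is an injected,
// fetch-compatible function so the policy can be exercised offline.
const ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769";

// z-base-32 encode a byte sequence (a SHA-1 digest gives exactly 32 characters).
function zbase32(bytes) {
  let acc = 0, bits = 0, out = "";
  for (const b of bytes) {
    acc = ((acc << 8) | b) & 0xfff; // only the low 12 bits are ever needed
    bits += 8;
    while (bits >= 5) {
      out += ZB32[(acc >>> (bits - 5)) & 31];
      bits -= 5;
    }
  }
  if (bits > 0) out += ZB32[(acc << (5 - bits)) & 31];
  return out;
}

// Build the advanced (openpgpkey subdomain) and direct WKD URLs for an address.
async function wkdUrls(address) {
  const { createHash } = await import("node:crypto");
  const at = address.lastIndexOf("@");
  const local = address.slice(0, at);
  const domain = address.slice(at + 1).toLowerCase();
  const hash = zbase32(createHash("sha1").update(local.toLowerCase()).digest());
  const tail = `hu/${hash}?l=${encodeURIComponent(local)}`;
  return {
    advanced: `https://openpgpkey.${domain}/.well-known/openpgpkey/${domain}/${tail}`,
    direct: `https://${domain}/.well-known/openpgpkey/${tail}`,
  };
}

// Case 1: status 200 -> key. Case 2: any other status -> stop, no fallback.
// Case 3: fetch rejects (DNS failure and a dead server look the same) -> direct.
async function lookupKey(address, fetchFn = fetch) {
  const urls = await wkdUrls(address);
  let res, method = "advanced";
  try {
    res = await fetchFn(urls.advanced);
  } catch (networkError) {
    method = "direct";
    res = await fetchFn(urls.direct); // a failure here propagates to the caller
  }
  if (res.status !== 200) return { method, status: res.status, key: null };
  return { method, status: 200, key: new Uint8Array(await res.arrayBuffer()) };
}
```

Under this rule a non-200 answer from the `openpgpkey` host ends the lookup, so whoever controls that subdomain decides whether the direct URL is ever consulted.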


