WKD: Subdomain openpgpkey

Bernhard Reiter bernhard at intevation.de
Thu Nov 18 11:16:48 CET 2021


On Thursday 18 November 2021 10:37:21, Werner Koch via Gnupg-devel wrote:
> On Wed, 17 Nov 2021 15:49, Bernhard Reiter said:
> > Wouldn't it be easier then to say:
> >   * Try to resolve the advanced WKD request for the email address in
> >     question. And if the network connection fails, you SHOULD try the
> >     direct method.
>
> I currently don't think so.  The direct method should go away anyway.
>
> It is just a relic from the time we started with this thing.  Sure
> there is an additional burden to have a certificate for the subdomain
> but given the slow acceptance of the Web Key Directory I would not
> consider the direct method a real help for anyone.  Those who run their
> own webserver and might use the direct method, will also be able to
> set up a subdomain.

As we want to further usage, I'd say we should keep supporting
the direct method for quite a while, because it means more communication
partners and we reward early adopters (as they do not need to make any change).
And there are implementations out there; forcing them to change often without
major reason is a drawback for adoption.

So if we would recommend moving fully to the advanced method at some time
in the future, it would make even more sense to me to make it easier and be
pragmatic about when to fall back to the direct method for the time being.

There is one more piece of feedback from Thomas about the empty DNS record:
He guesses that some people who manage DNS via a web-based interface
of their DNS provider may not be able to set an empty TXT record.
(Okay, this whole decision problem would go away if only the advanced method
is used in the future.)

One advantage I see in the direct method is that it leans toward recommending
to do this decentrally for each server and not using a central WKD service
or a number of sites.

Best Regards,
Bernhard

-- 
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
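
Added example, not part of the original message or of GnuPG's code: the two WKD lookup URLs for one address, and the fallback decision discussed in this thread. The outcome labels, the function names and the policy names are assumptions of this example; "strict" is assumed to mean falling back only when the openpgpkey subdomain does not resolve, and "relaxed" models the quoted proposal to also fall back when the network connection fails.

```python
import hashlib
from urllib.parse import quote

ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet

# Outcomes of the advanced-method request (labels invented for this example).
NO_SUBDOMAIN = "openpgpkey subdomain does not resolve"
CONNECT_FAILED = "subdomain resolves, connection fails"
TLS_FAILED = "certificate validation fails"
HTTP_404 = "server answers, no key for this address"


def wkd_hash(local_part):
    """z-base-32 of SHA-1 over the ASCII-lowercased local part (32 chars)."""
    lowered = "".join(c.lower() if c.isascii() else c for c in local_part)
    n = int.from_bytes(hashlib.sha1(lowered.encode("utf-8")).digest(), "big")
    # 160 bits split into 32 groups of 5 bits, most significant first.
    return "".join(ZB32[(n >> shift) & 31] for shift in range(155, -1, -5))


def wkd_urls(address):
    """Return the advanced and direct lookup URLs for an addr-spec."""
    local, _, domain = address.rpartition("@")
    if not local or not domain:
        raise ValueError("not an addr-spec: %r" % address)
    domain = domain.lower()
    tail = "hu/%s?l=%s" % (wkd_hash(local), quote(local, safe=""))
    base = ".well-known/openpgpkey"
    return {
        "advanced": "https://openpgpkey.%s/%s/%s/%s" % (domain, base, domain, tail),
        "direct": "https://%s/%s/%s" % (domain, base, tail),
    }


# Which advanced-method outcomes permit trying the direct URL, per policy.
# TLS_FAILED and HTTP_404 never fall back: a choice made in this example.
FALLBACK = {
    "strict": {NO_SUBDOMAIN},
    "relaxed": {NO_SUBDOMAIN, CONNECT_FAILED},
}


def next_url(address, advanced_outcome=None, policy="strict"):
    """URL to fetch next, or None when the lookup should stop."""
    urls = wkd_urls(address)
    if advanced_outcome is None:  # nothing tried yet: advanced goes first
        return urls["advanced"]
    return urls["direct"] if advanced_outcome in FALLBACK[policy] else None
```
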