WKD & redirects: draft-koch-openpgp-webkey-service vs GnuPG

Robin H. Johnson robbat2 at gentoo.org
Sat Oct 22 00:58:51 CEST 2022


gpg 2.3.8...

Over at Gentoo we got this bug filed about the WKD setup:
https://bugs.gentoo.org/877791

$ gpg -v --auto-key-locate wkd --locate-external-keys infrastructure@gentoo.org
gpg: WARNING: unacceptable HTTP redirect from server was cleaned up
gpg: (further info: changed from 'https://gentoo.org/.well-known/openpgpkey/hu/gzhmqtt9d5d1y1bw4ufs47npj5wn8pyx?l=infrastructure' to 'https://www.gentoo.org/.well-known/openpgpkey/hu/gzhmqtt9d5d1y1bw4ufs47npj5wn8pyx?l=infrastructure')

We have a tiny anycast service at the Apex https://gentoo.org/ that redirects *everything* to www.gentoo.org; no exceptions possible.

The draft RFC, at least as of version 14, doesn't say either way if redirects
are permitted or forbidden.

If they are indeed forbidden, can the RFC get updated to say as much?

Otherwise, if Redirects aren't forbidden, I feel the warning should be removed
for this case (and a note about how they are accepted should be added to the
RFC).

-- 
Robin Hugh Johnson
Gentoo Linux: Dev, Infra Lead, Foundation Treasurer
E-Mail   : robbat2 at gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136
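
Added example, not part of the original post and not GnuPG's code: it derives the direct-method WKD URL for an address (SHA-1 of the lowercased local part, z-base-32 encoded) and lists which URL components a redirect's Location changed, so an operator can see that the redirect quoted above alters only the host. The function names and the component labels are this example's own and do not reproduce GnuPG's redirect policy.

```python
import hashlib
from urllib.parse import urlsplit, quote

ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet


def zbase32(data: bytes) -> str:
    """Encode bytes as z-base-32 without padding (20 bytes -> 32 chars)."""
    bits = "".join(f"{b:08b}" for b in data)
    bits += "0" * (-len(bits) % 5)  # pad the final group to 5 bits
    return "".join(ZB32[int(bits[i:i + 5], 2)] for i in range(0, len(bits), 5))


def wkd_direct_url(address: str) -> str:
    """Build the direct-method WKD URL for a mail address."""
    local, domain = address.rsplit("@", 1)
    digest = hashlib.sha1(local.lower().encode("utf-8")).digest()
    # The l= parameter carries the local part as given, percent-encoded.
    return (f"https://{domain.lower()}/.well-known/openpgpkey/hu/"
            f"{zbase32(digest)}?l={quote(local)}")


def redirect_diff(requested: str, location: str) -> list[str]:
    """Return the names of the URL components that the redirect changed."""
    a, b = urlsplit(requested), urlsplit(location)
    parts = [("scheme", a.scheme, b.scheme),
             ("host", a.hostname, b.hostname),
             ("port", a.port, b.port),
             ("path", a.path, b.path),
             ("query", a.query, b.query)]
    return [name for name, old, new in parts if old != new]


if __name__ == "__main__":
    # The redirect target is the one quoted in the gpg output in the post.
    requested = wkd_direct_url("infrastructure@gentoo.org")
    location = ("https://www.gentoo.org/.well-known/openpgpkey/hu/"
                "gzhmqtt9d5d1y1bw4ufs47npj5wn8pyx?l=infrastructure")
    print(requested)
    print("redirect changed:", redirect_diff(requested, location))
```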