WKD & redirects: draft-koch-openpgp-webkey-service vs GnuPG

Bernhard Reiter bernhard at intevation.de
Mon Oct 24 17:48:59 CEST 2022


Hi Robin,

Am Samstag 22 Oktober 2022 00:58:51 schrieb Robin H. Johnson via Gnupg-devel:
> Over at Gentoo we got this bug filed about the WKD setup:
> https://bugs.gentoo.org/877791

Using the advanced WKD detection method with
  openpgpkey.gentoo.org
seems to be the way to go for from my view.
As the advanced method is tried first, so this should just work.
And Werner stated a preferrance for it in one email.

> The draft RFC, at least as of version 14, doesn't say either way if
> redirects are permitted or forbidden.
  
https://datatracker.ietf.org/doc/html/draft-koch-openpgp-webkey-service-14#section-3.1
   The HTTP GET method MUST return the binary representation of the
   OpenPGP key for the given mail address.

this can be read as hint towards that no redirect is allowed (as GET would 
then return the redirection target URL). It is not very explicit, though.

Thanks for your hint, I believe Werner will consider it, when updating the WKD 
specification the next time.

Best Regards,
Bernhard

-- 
https://intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20221024/d4f0038f/attachment.sig>


More information about the Gnupg-devel mailing list