OPENPGP URI PROPOSAL

mofo syne mofosyne at gmail.com
Fri May 22 03:55:34 CEST 2015


> Something that's mostly limited to web browsers and a couple of email
> clients.  It's meant for including data in-line in web pages, not as
> separate documents, and has pretty close to nil adoption in the rest of
> the ecosystem.

I'm not sure you need to wait for browsers to adopt this standard for it to
take off. As Hugo Osvaldo Barrera said, "That sounds like the expected
behaviour if there's no registered handler. The same would happen with
things like "mailto:" if you had none." in regards to how unknown schemas
are treated in browsers. So if you want mailto: to work, then you need to
install an email handling program and point the browser to it.


> There is already a vCard spec for a full pubkey -- though you might actually
> mean "transferable public key" or OpenPGP certificate:

If there is one that can be embedded in email links, or in a QR code etc,
and can supplement pretty much all block formats for openpgp, then I'm all
for it. What this uri is essentially, is just an alternative serialization
that can hopefully be flexible to handle anything thrown by openpgp at it.

If I have to open GPA and then copy and paste the vCard to GPA, then I
would prefer the autolaunching uri over the vCard format.

>>     openpgp://fprint;name:clark+kent;::43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8
>>
>>     openpgp://fprint;::43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8
> These fingerprints are only 128 bits long, which matches the OpenPGPv3 fingerprint
> format.  OpenPGPv4 fingerprints are 160 bits long, and any new fingerprint
> standard might be longer still.
> Your proposal here doesn't mention any sort of versioning for fingerprints,
> or take into account other concerns.

It's just a sketch at the moment of a serializing format within a uri
container, but if that's an issue, I see no reason why you can't add a
version field. Like:

openpgp:fprint;version:OpenPGPv3;::43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8

(Note: btw I think I agree that `openpgp://` should be `openpgp:`. It
was initially chosen since most auto link recognizers only recognize it when
the // is in front of it. Perhaps we can add it in as an optional extra, if
people need it to be recognized in plain text by simple URL detecting
regexes.)


On Fri, May 22, 2015 at 10:18 AM, Robert J. Hansen <rjh at sixdemonbag.org>
wrote:

> > So what are data uri classified as then?
>
> Something that's mostly limited to web browsers and a couple of email
> clients.  It's meant for including data in-line in web pages, not as
> separate documents, and has pretty close to nil adoption in the rest of
> the ecosystem.
>
> Adopting a special OpenPGP data URI scheme just for web browsers seems
> pretty weird to me.  Especially given how difficult it would be to get
> the browser community to adopt it -- as a general rule, no standard can
> take off unless Internet Explorer supports it.  (XHTML 1.0 and 1.1, may
> you rest in peace.)
>
> If you can get Microsoft to support this, or someone to produce an IE
> plugin to handle it, then maybe.  But otherwise, I think a web-specific
> data URI for OpenPGP data is DOA.
>
>
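
Added example (not part of the original message, and not GnuPG code): a strict parser for the fingerprint URI sketched in this message, which rejects a fingerprint whose length does not match its version field (16 bytes for OpenPGPv3, 20 bytes for OpenPGPv4, per the lengths quoted in the thread). The function name, the "OpenPGPv4" label, the '+' decoding and the length inference when no version field is given are assumptions, since the thread only sketches the format.

```python
from urllib.parse import unquote_plus

# Fingerprint sizes in bytes, from the bit lengths quoted in the thread.
# "OpenPGPv4" as a field value is an assumption; the message only shows OpenPGPv3.
FPR_BYTES = {"OpenPGPv3": 16, "OpenPGPv4": 20}
HEX = set("0123456789abcdefABCDEF")


def parse_openpgp_fprint_uri(uri):
    """Parse the sketched fingerprint URI; return (fields, fingerprint bytes)."""
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.lower() != "openpgp":
        raise ValueError("not an openpgp: URI")
    if rest.startswith("//"):  # optional '//' form discussed in the message
        rest = rest[2:]
    head, sep, data = rest.partition(";::")
    if not sep:
        raise ValueError("missing ';::' data separator")
    kind, *pairs = head.split(";")
    if kind != "fprint":
        raise ValueError("unsupported block type: %r" % kind)
    fields = {}
    for pair in pairs:
        key, sep, value = pair.partition(":")
        if not sep or not key or key in fields:
            raise ValueError("malformed or duplicate field: %r" % pair)
        fields[key] = unquote_plus(value)  # assumption: '+' encodes a space
    octets = data.split(":")
    if any(len(o) != 2 or not set(o) <= HEX for o in octets):
        raise ValueError("fingerprint must be colon-separated hex octets")
    fpr = bytes.fromhex("".join(octets))
    version = fields.get("version")
    if version is None:
        # No version field: accept only a length that matches a known format.
        matches = [v for v, n in FPR_BYTES.items() if n == len(fpr)]
        if not matches:
            raise ValueError("fingerprint length matches no known version")
        fields["version"] = matches[0]
    elif FPR_BYTES.get(version) != len(fpr):
        # Covers both an unknown version label and a truncated fingerprint.
        raise ValueError("fingerprint length does not match %s" % version)
    return fields, fpr
```
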


More information about the Gnupg-users mailing list