WKD for GitHub pages
dgouttegattat at incenp.org
Tue Jan 12 10:25:43 CET 2021
On Tue, Jan 12, 2021 at 09:25:15AM +0100, Stefan Claas via Gnupg-users
>It would be nice to know why the advanced method was added.
To give more flexibility for people setting up a WKD for more than one
Let’s say that I manage example.org and example.net, and I want to serve
keys for addresses in both domains. With the “direct” method, I need to
set up two distinct WKD servers, one for each domain. With the
“advanced” method, I can set up a single server and make
openpgpkey.example.org and openpgpkey.example.net point to that single
(SRV records would be the modern and proper way to provide such a level
of indirection, instead of a subdomain. And indeed, previous versions of
the WKD draft relied on SRV records. Unfortunately, resolving SRV
records was problematic for some implementers using some limited
languages with limited DNS capabilities, so they were scrapped in favor
of the subdomain approach.)
>the direct method would not be sufficient or would have security issues
>I would think that then one replaces the direct method with advanced
>one and then we need only one method, in order that this works.
If you have only one domain to manage and don’t need the indirection
provided by the advanced method, the direct method is still perfectly
fine, why replace it?
>And if we must have two methods, why is the order not, like one would
>think: check direct first and if this does not work check advanced?
I don’t know, it feels more logical to me to look for an indirection
*first*, and only if there’s no indirection you then look at the target
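Added example, not part of the original message: a Python sketch of how a client derives the "advanced" and "direct" WKD URLs for an address, showing that the advanced URL carries the domain in its path, so one server behind openpgpkey.example.org and openpgpkey.example.net can hold keys for both domains. The function names and the `alice` addresses are constructed for illustration; the URL layout and the rule that the direct method is tried only when the openpgpkey subdomain does not exist follow the WKD draft.

```python
import base64
import hashlib
import string
from urllib.parse import quote

# z-base-32 groups bits like RFC 4648 base32 but uses a different alphabet.
_TO_ZB32 = str.maketrans("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                         "ybndrfg8ejkmcpqxot1uwisza345h769")
# WKD lowercases ASCII letters only; other characters are left unchanged.
_ASCII_LOWER = str.maketrans(string.ascii_uppercase, string.ascii_lowercase)


def wkd_hash(local_part: str) -> str:
    """SHA-1 of the ASCII-lowercased local part, z-base-32 encoded (32 chars)."""
    digest = hashlib.sha1(local_part.translate(_ASCII_LOWER).encode("utf-8")).digest()
    return base64.b32encode(digest).decode("ascii").translate(_TO_ZB32)


def wkd_urls(address: str) -> dict:
    """Return the 'advanced' and 'direct' lookup URLs for one mail address."""
    local, sep, domain = address.rpartition("@")
    if not (sep and local and domain):
        raise ValueError(f"not a mail address: {address!r}")
    domain = domain.translate(_ASCII_LOWER)
    tail = f"hu/{wkd_hash(local)}?l={quote(local, safe='')}"
    return {
        # The domain appears in the path, so one host can serve several domains.
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/{tail}",
        # No domain in the path: this layout needs one server per domain.
        "direct": f"https://{domain}/.well-known/openpgpkey/{tail}",
    }


def lookup_order(address: str, openpgpkey_host_exists: bool) -> list:
    """URLs a client may try: advanced first, direct only if the openpgpkey
    subdomain does not exist. The caller's DNS lookup supplies the boolean."""
    urls = wkd_urls(address)
    return [urls["advanced"]] if openpgpkey_host_exists else [urls["advanced"], urls["direct"]]


if __name__ == "__main__":
    # Constructed addresses in the two domains used in the message above.
    for addr in ("alice@example.org", "alice@example.net"):
        for method, url in wkd_urls(addr).items():
            print(f"{addr:20} {method:9} {url}")
```

When the openpgpkey subdomain exists but the key fetch fails, the list holds no direct URL, so a client following this order does not fall back to the bare domain.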