WKD proper behavior on fetch error

Ángel angel at pgp.16bits.net
Sat Jan 16 02:25:14 CET 2021


On 2021-01-15 at 20:34 +0100, Stefan Claas via Gnupg-users wrote:
> If you or someone else sets up a web server, for a big organisation
> or for yourself, you simply put in the .well-known folder some
> content which would look most likely then like this:
> 
> http://domain.tld/.well-known/etc... or maybe
> https://sub.domain.tld/.well-known/etc...


Right. For instance, you would use either
 https://300baud.de/.well-known/... 
 https://openpgpkey.300baud.de/.well-known/... 


> If someone writes now a program which needs to access content in the
> well-known folder, why does a software author need to implement two
> methods to access the well-known folder? This part for example I do
> not understand, because if one method is not good or secure enough I
> would simply drop one method and implement only the more secure and
> more reliable one, or not?

Because the specification says that it can be in those two places. It
could have stated only one, or a dozen. Or even, "start following links
from the main index and stop after you find the first pgp key".


> The situation we now have is that we have two popular OpenPGP apps
> which handle the access to the well-known openpgp directory
> differently, which nobody can deny.

They differ *slightly*. Only if the first location exists but fails.
But yes, they differ, as agreed by everyone.


> I for example can say I don't care about a draft and happily promote
> sequoia-pgp usage over GnuPG usage, in case OpenPGP users would like
> to use GitHub and WKD for a multi-purpose OpenPGP too. That would
> probably pi*#-off Werner and a couple of others very much, but I have
> not done anything wrong and people are allowed to do the same.

Of course, you could. Or you could simply say: the pgp key of
<user>@<domain>.com shall be at https://www.<domain>.com/<user>.pub

That would be following a completely different "standard", but it would
be perfectly fine, too. The beauty of standards is to get everyone
following the same rules and not a https://xkcd.com/927/ situation
though.

A standard allows people to know where to place their keys in a place
it will be looked for, and the clients to know where they should look
for them and how to act.



> My intention was only to promote WKD OpenPGP usage for github.io
> pages in case people like the idea.

This was a good idea, but github pages don't seem to support being used
for WKD (due to the mentioned wildcard issues).


Best regards
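The two WKD locations and the two fallback policies this message distinguishes ("only if the first location exists but fails"), as an added example that is not code from this thread, from GnuPG or from Sequoia. It assumes the URL forms of the WKD draft (advanced method on openpgpkey.<domain>, direct method on <domain>), including the "?l=" query parameter of later draft revisions; the fetcher, the domain example.org, the key bytes and the two policy flags are constructed for illustration, and which real client follows which policy is not stated on this page.

```python
import hashlib
import urllib.parse
from typing import Callable, Dict, Optional, Tuple

# z-base-32 alphabet; WKD encodes the SHA-1 of the lower-cased local part with it.
ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32(data: bytes) -> str:
    """z-base-32 without padding (20 SHA-1 bytes become exactly 32 characters)."""
    acc, nbits, out = 0, 0, []
    for byte in data:
        acc = (acc << 8) | byte
        nbits += 8
        while nbits >= 5:
            nbits -= 5
            out.append(ZB32[(acc >> nbits) & 31])
    if nbits:  # left-align whatever bits remain into one last 5-bit group
        out.append(ZB32[(acc << (5 - nbits)) & 31])
    return "".join(out)


def wkd_hash(local: str) -> str:
    """The 'hu' path component: z-base-32(SHA-1(lower-cased local part))."""
    return zbase32(hashlib.sha1(local.lower().encode("utf-8")).digest())


def wkd_urls(addr: str) -> Tuple[str, str]:
    """Return (advanced-method URL, direct-method URL) for an e-mail address."""
    local, domain = addr.rsplit("@", 1)
    domain = domain.lower()
    hu = wkd_hash(local)
    l = urllib.parse.quote(local, safe="")  # ?l= carries the original local part
    advanced = f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/hu/{hu}?l={l}"
    direct = f"https://{domain}/.well-known/openpgpkey/hu/{hu}?l={l}"
    return advanced, direct


class NoSuchHost(Exception):
    """The host in the URL does not resolve: the location does not exist."""


class FetchFailed(Exception):
    """The host resolved but the request failed (TLS error, 404, 5xx, timeout)."""


Fetcher = Callable[[str], bytes]


def lookup(addr: str, fetch: Fetcher, fallback_on_any_error: bool) -> Optional[bytes]:
    """Try the advanced location, then decide whether to fall back to the direct one.

    fallback_on_any_error=False: fall back only if openpgpkey.<domain> does not
        exist; if it exists but the fetch fails, give up (first location exists but fails).
    fallback_on_any_error=True: any failure at the first location leads to the second.
    """
    advanced, direct = wkd_urls(addr)
    try:
        return fetch(advanced)
    except NoSuchHost:
        pass  # both policies continue with the direct method
    except FetchFailed:
        if not fallback_on_any_error:
            return None
    try:
        return fetch(direct)
    except (NoSuchHost, FetchFailed):
        return None


def make_fetcher(served: Dict[str, Dict[str, bytes]]) -> Fetcher:
    """Constructed stand-in for an HTTPS GET: {host: {URL without query: body}}.

    Unknown host -> NoSuchHost; known host but unknown path -> FetchFailed.
    """
    def fetch(url: str) -> bytes:
        host = urllib.parse.urlsplit(url).hostname
        if host not in served:
            raise NoSuchHost(host)
        body = served[host].get(url.split("?", 1)[0])
        if body is None:
            raise FetchFailed(url)
        return body
    return fetch


KEY = b"(constructed placeholder, not a real OpenPGP key)"
ADVANCED, DIRECT = wkd_urls("alice@example.org")

# Scenario 1 (constructed): wildcard DNS makes openpgpkey.example.org resolve,
# nothing is served there, and the key sits only under the direct-method path.
WILDCARD_DNS = make_fetcher({
    "openpgpkey.example.org": {},
    "example.org": {DIRECT.split("?", 1)[0]: KEY},
})

# Scenario 2 (constructed): no openpgpkey subdomain at all, key under the direct path.
NO_SUBDOMAIN = make_fetcher({
    "example.org": {DIRECT.split("?", 1)[0]: KEY},
})

if __name__ == "__main__":
    for name, fetcher in (("wildcard DNS", WILDCARD_DNS), ("no subdomain", NO_SUBDOMAIN)):
        for policy in (False, True):
            found = lookup("alice@example.org", fetcher, fallback_on_any_error=policy)
            print(f"{name:13} fallback_on_any_error={policy!s:5} -> {'key' if found else 'nothing'}")
```

With no openpgpkey subdomain both policies end up at the same key; the two policies only part ways in the wildcard-DNS scenario, where the subdomain resolves but serves nothing, which is the case a wildcard-DNS host like github.io produces.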