WKD proper behavior on fetch error

Erich Eckner gnupg at eckner.net
Sun Jan 17 18:53:29 CET 2021



On Sun, 17 Jan 2021, Ingo Klöcker wrote:

> On Sonntag, 17. Januar 2021 10:48:17 CET Erich Eckner via Gnupg-users wrote:
>> Hi all,
>>
>> On Thu, 14 Jan 2021, Werner Koch via Gnupg-users wrote:
>>> On Thu, 14 Jan 2021 01:47, Ángel said:
>>>> I understand this to mean it as "only use the direct method if the
>>>> required sub-domain does not exist", with the SHOULD meaning that the
>>>> direct method is not required (not sure why, I would have probably used
>>>
>>> Right.  The subdomain is actually a workaround for SRV RR.  We can't
>>> use the latter in browser based implementation and thus need to resort
>>> to this hack.
>>
>> Forgive my ignorance, but can someone explain, what "browser based
>> implementation" of WKD exists (or might exist) and/or why this is
>> desirable?
>
> https://openpgpjs.org/ supports WKD. OpenPGP.js is used by many web
> applications (see link). This is desirable to allow webmailers (and other web
> applications that support OpenPGP) to look up OpenPGP keys via WKD.

Ah, yes, I didn't see the possibility/need to have the keyring in the 
browser (or no keyring at all) and receive keys from within the browser. 
:-)

Thanks for the pointers!

And I assume, it's non-trivial or even impossible to start proper DNS 
queries (for a SRV record) from within JS?

Because it seems to me, the root for this debate is in gnupg's "ab"use of 
a subdomain for something which should actually be a SRV record. (Plus the 
fact, that DNS wildcards and TLS wildcard certificates work differently.)

>
> Regards,
> Ingo
>

regards,
Erich


