WKD proper behavior on fetch error

Damien Goutte-Gattat dgouttegattat at incenp.org
Sun Jan 17 21:45:07 CET 2021


On Sun, Jan 17, 2021 at 06:53:29PM +0100, Erich Eckner via Gnupg-users wrote:
>And I assume, it's non-trivial or even impossible to start proper DNS 
>queries (for a SRV record) from within JS?

Apparently not, at least that what folks on the IETF openpgp mailing 
lists said when the issue had been debated [1].

That’s why the WKD protocol (which *used* to rely on SRV records to 
provide a level of indirection between the domain name and the WKD 
server, which was The Right Thing™ do to) had to drop the SRV records in 
favor of a fixed subdomain, at the demand of Javascript developers.



>Because it seems to me, the root for this debate is in gnupg's "ab"use 
>of a subdomain for something which should actually be a SRV record. 

Given that this “abuse” was almost forced upon GnuPG developers by JS 
developers who basically said “please change your protocol otherwise 
there’s no way I can implement it”, and that Werner was on the record 
reluctant to the change [2], I find it quite disheartening that the 
blame should be put at GnuPG’s feet. :(

Oh well, all problems in the OpenPGP world are GnuPG’s fault anyway. It 
is known.


- Damien

[1] 
https://mailarchive.ietf.org/arch/msg/openpgp/f6V8W9wKY6dt2wAq4FBOWk8wtos/

[2] 
https://mailarchive.ietf.org/arch/msg/openpgp/SH1dzlERTgJsaCoKvxQGsnckq-w/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210117/0b23dc37/attachment.sig>


More information about the Gnupg-users mailing list