The meaning of /.well-known/ (was: WKD Checker)

Ángel angel at pgp.16bits.net
Tue Jan 19 02:07:48 CET 2021


On 2021-01-18 at 17:12 +0100, Stefan Claas via Gnupg-users wrote:
> Neal, maybe you and your team, as professionals, can explain
> what the .well-known folder in a Web root is good for, because
> it is not only used for WKD and it is also used by many, many
> apps, for verification purposes, like one can see in my GitHub
> project folder, regarding Brave verification and one can see
> that a .well-known folder serves its purpose for the direct
> method if one tries Wictor's fine WKD checker with
> stefan.sac001.github.io.

Well-known URIs were defined nearly 11 years ago in RFC 5785
(now obsoleted by RFC 8615); see https://tools.ietf.org/html/rfc5785


Basically, the /.well-known/ path introduces a namespace with a
semantic for other protocols. Thus, example.com/.well-known/openpgpkey/
has a meaning for Web Key Directory.
http://example.com/.well-known/acme-challenge/ is used for Automatic
Certificate Management Environment (ACME) [RFC 8555],
example.com/.well-known/mta-sts.txt is used to request that all emails
are sent with SMTP encryption (RFC 8461), and so on.

Compare this with a URL like https://example.com/cat, which has no
special meaning. That could talk about your pet, an essay about
Felis catus, a telecom operator in Thailand, a Minecraft song, an
Indian entrance exam, a UNIX program, a psychological therapy, the
Catalan language, a unit of the US Secret Service, a time zone, or the
name of your significant other.

If a new protocol wanted to use, with a special meaning, a URL you were
already using for the above, perfectly fine, content, you would be
understandably upset (and the new protocol could easily get confused by
the existing pages). Reserving a portion of the namespace for these
uses allows separating this.

You can have a look at the multiple things it is used for at the
corresponding IANA registry:
https://www.iana.org/assignments/well-known-uris/well-known-uris.xhtml


Best regards



