I was referred here
https://datatracker.ietf.org/doc/draft-koch-openpgp-webkey-service/
I'm not sure exactly what the status of this I-D is or whether the
openpgp ietf list is the right place, but it seems to be the best
place to send comments.
I. URL final pathname component format
It specifies a URL format ending in a base-32-encocded SHA-1 of a
mangled version of the email address associated with the PGP key.
This seems rather odd.
1. SHA-1 is obsolete.
2. The use of a cryptographic hash here makes it harder for a server
to conduct an appropriate lookup. For example, if a server defines
that all email addresses
alice+<something>@example.com
are owned by Alice, and Alice tells the server `please advertise
my one OpenPGP key for all my email addresses', it is not clear how
the server could implement that.
2a. The cryptographic hash does not, however, provide any significant
degree of useful obfuscation since a search will usually be able to
reverse it.
2b. The cryptographic hash is not needed for space reasons since URLs
can easily be as long as email addresses.
3. Supposing the hash were to be retained, choice of base-32 rather
than base-64 is unusual and needs to be justified.
4. The lowercasing of the email address is contrary to the Internet
mail specifications, where case-sensitivity of the email address
is up to the mail domain in question. If the email address were
not obfuscated by hashing it would be easy for the webserver to
handle case-sensitivity by URL remapping.
Suggested modification: Replace this part of the URL with the
URL-encoded email address.
II. URL domain name part
The mail system for some domain, and its web server, are not
necessarily on the same host or under the same practical
administration. Often webservers are outsourced.
Trying to provide this .well-known/openpgpkey subpath may therefore
involve complicated interactions between different teams or even
different organisations entirely.
Furthermore, the webserver may be less secure than the mail system;
whereas this protocol assumes that it is at least as secure.
Suggested modification: the domain name part should have a fixed
string prepended.
III. Normative status of this document
I was referred to this I-D from this trail of web pages:
https://wiki.gnupg.org/EasyGpg2016/PubkeyDistributionConcept
https://wiki.gnupg.org/WKDDetails
which I reached from someone who asked whether they should
deploy this system.
This seems a bit odd.
Ian.
--
Ian Jackson <ijackson(_at_)chiark(_dot_)greenend(_dot_)org(_dot_)uk> These
opinions are my own.
If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp