
Re: [openpgp] OpenPGP Web Key Directory I-D

2018-11-13 08:15:22
On Mon, 12 Nov 2018 17:33, bre@pagekite.net said:

> If I were to implement support for SRV records, that would mean I
> can no longer rely on Tor to do that for us, but need to start
> thinking about DNS-over-HTTPS or other emerging standards (or,

Well, GnuPG implements a full DNS resolver over Tor (but w/o DNSSEC).
This was required to properly implement access to the keyserver pools.
If there is a need we could turn this into a public API.

> I'm very happy not to have to deal with that.

Mailpile will also like it.

> First try
>
>      https://openpgpkey.example.org/.well-known/openpgpkey/...


> This works well for Mailpile.

I changed this in the -07 I-D to 

  https://openpgpkey.example.org/.well-known/openpgpkey/example.org/...

to make it easier to host several domains and to convey the domain info
without resorting to HTTP header info.

> I might be tempted to suggest trying the bare domain first, and
> openpgpkey.example.org as a fallback, simply because from a
> privacy point of view that leaks less information about what the
> client is doing.

But in this regard it is not different from SRV RRs.  The requests
should anyway be easy to identify because the reply is pretty small or
by utilizing the fact that an encrypted mail is anyway soon sent to the
same provider.

> on something that is dead-simple to implement both on the client
> and the server, even if the "fixed subdomain" is a hack from a
> protocol-purity point of view. It's pragmatic and it works, which

Right, but Mozilla and MS Exchange do something very similar to ease the
configuration of a mail account.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
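As an added example, not part of Werner's message or of the draft text quoted in it: the Python below builds the two WKD lookup URLs for a mail address, the "advanced" form on openpgpkey.<domain> with the domain repeated under /.well-known/openpgpkey/ that the -07 I-D introduces, and the "direct" form on the bare domain that the thread discusses as the alternative. The hu/ path component being the z-base-32 encoding of the SHA-1 of the lower-cased local part, and the l= parameter carrying the local part as written, are details taken from the WKD draft, not from this message; the test address Joe.Doe@Example.ORG and its expected hash are the draft's worked example. The order returned (advanced first, direct as fallback) is the order GnuPG uses, which is the opposite of the bare-domain-first order suggested above.

```python
import hashlib
from urllib.parse import quote

# z-base-32 alphabet (Zooko's base32 variant) as used by WKD for the hu/ component.
ZB32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as z-base-32: 5 bits per character, MSB first, no padding,
    trailing bits zero-filled on the right."""
    out = []
    acc = 0
    nbits = 0
    for byte in data:
        acc = ((acc << 8) | byte) & 0xFFFF  # keep the accumulator small
        nbits += 8
        while nbits >= 5:
            nbits -= 5
            out.append(ZB32_ALPHABET[(acc >> nbits) & 0x1F])
    if nbits:
        out.append(ZB32_ALPHABET[(acc << (5 - nbits)) & 0x1F])
    return "".join(out)


def wkd_hash(local_part: str) -> str:
    """The hu/ name: SHA-1 over the lower-cased local part, z-base-32 encoded.
    20 bytes of digest give exactly 32 characters (per the WKD draft)."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    return zbase32_encode(digest)


def wkd_urls(address: str) -> list[str]:
    """Return [advanced_url, direct_url] for an address.

    Advanced method (the -07 layout discussed in the thread): the domain is
    repeated in the path so one openpgpkey.<domain> host can serve several
    domains without the server having to inspect the Host header.
    Direct method: same hu/<hash> path directly under the bare domain.
    """
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not a mail address: {address!r}")
    domain = domain.lower()          # domains are case-insensitive
    h = wkd_hash(local)              # hash is over the lower-cased local part
    l_param = quote(local, safe="")  # l= carries the local part as written
    advanced = (f"https://openpgpkey.{domain}/.well-known/openpgpkey/"
                f"{domain}/hu/{h}?l={l_param}")
    direct = f"https://{domain}/.well-known/openpgpkey/hu/{h}?l={l_param}"
    return [advanced, direct]


if __name__ == "__main__":
    # Worked example address from the WKD draft; expected hash
    # iy9q119eutrkn8s1mk4r39qejnbu3n5q.
    for url in wkd_urls("Joe.Doe@Example.ORG"):
        print(url)
```

Note that the hash input is case-folded while the l= value is not: two clients looking up "Joe.Doe@" and "joe.doe@" fetch the same hu/ object, and the server can still use l= to reject a lookup whose local part does not match exactly if its mailbox names are case-sensitive.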
