On Fri, 14 Dec 2018 10:02:46 +0100
Werner Koch <wk(_at_)gnupg(_dot_)org> wrote:
A client MUST not accept a HTTP authentication challenge (HTTP code
401) because the information in the Web Key Directory is public and
needs no authentication. Allowing an authentication challenge has
the problem to easily confuse a user with a password prompt and
tricking him into falsely entering the passphrase used to protect his
private key or to login to his mail provider.
Sounds good.
--
Hanno Böck
https://hboeck.de/
mail/jabber: hanno(_at_)hboeck(_dot_)de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
pgpaK1zsnhWKO.pgp
Description: OpenPGP digital signature
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp