
Re: [openpgp] Web Key Directory and advanced lookup method

2019-04-19 08:39:51
On Thu 2019-04-18 18:21:01 +0000, Bart Butler wrote:

> I'd say that this is less of an attack vector and more of a 'mischief'
> vector, and that public suffixes can easily protect themselves if it
> ever becomes an issue.

Why is this merely "mischief"?  I can publish semi-authoritative records
about the key material for all your users if you grant me access to a
single specific subdomain, without noticing the appearance of this
draft.  That sounds like more than mischief to me.

> WKD client implementations can also use the public suffix list
> themselves to prevent the problem--a quick search yields libraries for
> lots of platforms. Maybe this would be a reasonable suggestion to add
> to the RFC, but it also doesn't seem critical to me.

Resorting to the public suffix list is always a terrible solution, but
maybe it's what we have to rely on.  Writing down the explicit guidance
on what to do there, and what its implications are, is probably a good
idea for thinking it through.  Would this suggest, for example, that no
e-mail address within @github.io would be able to effectively publish
their OpenPGP certificate via WKD?

      --dkg
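The client-side check discussed above (consulting the public suffix list before trusting the advanced lookup method), written out as an added example; this is not code from the thread, from GnuPG, or from the WKD draft. It assumes a WKD client that knows both URL forms of the draft (the direct method on `<domain>` and the advanced method on `openpgpkey.<domain>`, with the mailbox hash being z-base-32 of SHA-1 of the lower-cased local part), and it uses a constructed excerpt of the Public Suffix List rather than the real list. `SAMPLE_PSL`, `parse_psl`, `is_public_suffix`, `wkd_hash` and `wkd_lookup_urls` are all names chosen for this example.

```python
import base64
import hashlib

# Constructed excerpt in the Public Suffix List format (https://publicsuffix.org/).
# A real client must load the full, current list; exception rules ("!") are
# omitted here for brevity.
SAMPLE_PSL = """\
// constructed excerpt, not the real list
com
io
github.io
uk
co.uk
*.compute.amazonaws.com
"""


def parse_psl(text):
    """Return the set of lower-cased rules from PSL-formatted text."""
    rules = set()
    for line in text.splitlines():
        line = line.split("//", 1)[0].strip()  # drop comments and whitespace
        if line:
            rules.add(line.lower())
    return rules


def is_public_suffix(domain, rules):
    """True if `domain` itself is a public suffix: either an exact rule, or a
    single label directly under a wildcard rule such as *.compute.amazonaws.com."""
    d = domain.lower().rstrip(".")
    if d in rules:
        return True
    head, _, tail = d.partition(".")
    return bool(tail) and ("*." + tail) in rules


# z-base-32 uses the same 5-bit grouping as RFC 4648 base32, a different
# alphabet, and no padding; SHA-1 (160 bits) encodes to exactly 32 characters.
_B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
_ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"
_TRANS = str.maketrans(_B32, _ZB32)


def wkd_hash(local_part):
    """WKD mailbox hash: z-base-32 of SHA-1 of the lower-cased local part."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    return base64.b32encode(digest).decode("ascii").rstrip("=").translate(_TRANS)


def wkd_lookup_urls(email, rules):
    """URLs a WKD client may query for `email`.  The advanced method
    (openpgpkey.<domain>) is left out when <domain> is a public suffix,
    since whoever controls that one subdomain would otherwise be able to
    publish keys for every mailbox under the suffix.  The direct method
    (served from <domain> itself) is always offered."""
    local, at, domain = email.rpartition("@")
    if not (local and at and domain):
        raise ValueError(f"not an e-mail address: {email!r}")
    domain = domain.lower()
    h = wkd_hash(local)
    urls = {
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{h}?l={local}",
    }
    if not is_public_suffix(domain, rules):
        urls["advanced"] = (
            f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/hu/{h}?l={local}"
        )
    return urls


if __name__ == "__main__":
    psl = parse_psl(SAMPLE_PSL)
    for addr in ("alice@example.org", "bob@github.io", "carol@co.uk"):
        print(addr, wkd_lookup_urls(addr, psl))
```

With this guard a mailbox under a public suffix such as github.io only ever gets the direct-method URL, so its key can still be published, but only by whoever serves `https://github.io/.well-known/openpgpkey/`, not by the holder of an arbitrary `openpgpkey.` subdomain.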


_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp