ietf-openpgp

[openpgp] Question on WKD, Key Discovery

2019-05-09 07:48:52
Hi,

The last version of the draft [0] states:

  Only if the required sub-domain does not exist, they SHOULD
  fall back to the direct method.

Should implementations fall back to the direct method on any error
trying to fetch the key with the advanced method and not just when the
sub-domain doesn't exist?

I can think of situations where an organization is migrating to the
advanced method and the sub-domain exists, but for example, they don't
have a valid certificate for the sub-domain yet or they haven't created
the file system structure yet.

Wouldn't it be better to still try to fetch a key with the direct method
than not returning any key?

Maybe there are good reasons not to do this that I'm unaware of.

Thanks,
juga.


[0]
https://datatracker.ietf.org/doc/html/draft-koch-openpgp-webkey-service-07#section-3.1
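
The migration scenario from the message above, as an added example that is not part of the original post or of the draft: it builds the advanced and direct WKD URLs (query string omitted) and compares the quoted rule with falling back on any error. The outcome labels (`ok`, `nxdomain`, `tls_error`, `http_404`) and the policy names are constructed for illustration.

```python
import hashlib

ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet

def wkd_hash(local_part):
    """z-base-32 of SHA-1 over the ASCII-lowercased local part (32 chars)."""
    lowered = "".join(c.lower() if c.isascii() else c for c in local_part)
    n = int.from_bytes(hashlib.sha1(lowered.encode("utf-8")).digest(), "big")
    return "".join(ZB32[(n >> s) & 31] for s in range(155, -1, -5))

def wkd_urls(address):
    """Return (advanced_url, direct_url) for an address, without query string."""
    local, domain = address.rsplit("@", 1)
    domain, h = domain.lower(), wkd_hash(local)
    advanced = f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/hu/{h}"
    direct = f"https://{domain}/.well-known/openpgpkey/hu/{h}"
    return advanced, direct

def may_fall_back(outcome, policy):
    """Decide whether the direct method may be tried after the advanced one.

    policy "draft": only when the sub-domain does not exist (the quoted text).
    policy "any-error": on every failure (the variant the message asks about).
    """
    if outcome == "ok":
        return False
    if policy == "draft":
        return outcome == "nxdomain"
    return True

def locate(address, outcomes, policy):
    """Return the URL that would supply the key, or None.

    `outcomes` maps URL -> constructed outcome label; a missing advanced URL
    is treated as a non-existent sub-domain.
    """
    advanced, direct = wkd_urls(address)
    first = outcomes.get(advanced, "nxdomain")
    if first == "ok":
        return advanced
    if may_fall_back(first, policy) and outcomes.get(direct) == "ok":
        return direct
    return None

if __name__ == "__main__":
    adv, direct = wkd_urls("Joe.Doe@Example.ORG")
    # Constructed case: sub-domain exists but has no valid certificate yet.
    migrating = {adv: "tls_error", direct: "ok"}
    for policy in ("draft", "any-error"):
        print(policy, "->", locate("Joe.Doe@Example.ORG", migrating, policy))
```

Under the `draft` policy the migrating domain yields no key at all, while `any-error` returns the key from the direct URL, which is the difference the question is about.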
