ietf-openpgp

Re: [openpgp] Question on WKD, Key Discovery

2019-05-09 08:51:36
On Thu, 9 May 2019, juga wrote:

> The last version of the draft [0] states:
>
>  Only if the required sub-domain does not exist, they SHOULD
>  fall back to the direct method.
>
> Should implementations fall back to the direct method on any error
> trying to fetch the key with the advanced method and not just when the
> sub-domain doesn't exist?

The SHOULD there is tricky. Unless you are using DNSSEC, the question
of "does a domain not exist" is very vulnerable to spoofing by an
attacker.

Paul
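
An added example, not part of the original message or of the draft: it builds the advanced-method and direct-method WKD URLs for one address and models the fallback decision discussed above. The `next_step` function, its status strings and its return labels are hypothetical, and reporting an unvalidated NXDOMAIN as `fall-back-unverified` is an assumed client policy, not something the draft prescribes.

```python
import hashlib
from urllib.parse import quote

ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet

def zbase32(data: bytes) -> str:
    """z-base-32 encode, most significant bit first, zero-padded to 5 bits."""
    bits = "".join(f"{b:08b}" for b in data)
    bits += "0" * (-len(bits) % 5)
    return "".join(ZBASE32[int(bits[i:i + 5], 2)] for i in range(0, len(bits), 5))

def wkd_urls(address: str) -> dict:
    """Return the advanced-method and direct-method URLs for one address."""
    local, domain = address.rsplit("@", 1)
    domain = domain.lower()
    # WKD hashes the lowercased local part with SHA-1, then z-base-32 encodes it.
    hu = zbase32(hashlib.sha1(local.lower().encode("utf-8")).digest())
    tail = f"hu/{hu}?l={quote(local)}"
    return {
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/{tail}",
        "direct": f"https://{domain}/.well-known/openpgpkey/{tail}",
    }

def next_step(dns_status: str, dnssec_validated: bool, fetch_ok: bool = False) -> str:
    """Decide what to do after trying the advanced method (hypothetical policy).

    dns_status is the resolver result for openpgpkey.<domain>:
    "NOERROR", "NXDOMAIN", or anything else (SERVFAIL, timeout, ...).
    """
    if dns_status == "NOERROR":
        # The sub-domain exists, so the quoted SHOULD does not cover a
        # fallback, even when the HTTPS fetch itself fails.
        return "use-advanced-result" if fetch_ok else "fail"
    if dns_status == "NXDOMAIN":
        # Non-existence is only trustworthy when the answer was DNSSEC-validated;
        # otherwise the fallback is taken on an answer that could be spoofed.
        return "fall-back" if dnssec_validated else "fall-back-unverified"
    return "fail"  # cannot tell whether the sub-domain exists

# Constructed scenarios: (dns_status, dnssec_validated, fetch_ok)
SCENARIOS = [("NOERROR", False, True), ("NOERROR", False, False),
             ("NXDOMAIN", True, False), ("NXDOMAIN", False, False),
             ("SERVFAIL", False, False)]

if __name__ == "__main__":
    print(wkd_urls("Joe.Doe@Example.ORG"))
    for s in SCENARIOS:
        print(s, "->", next_step(*s))
```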
