Re: [openpgp] OpenPGP Web Key Directory I-D
Werner Koch <wk@gnupg.org> Tue, 13 November 2018 14:15 UTC
From: Werner Koch <wk@gnupg.org>
To: Bjarni Runar Einarsson <bre@pagekite.net>
Cc: Paul Fawkesley <paul@fluidkeys.com>, "openpgp@ietf.org" <openpgp@ietf.org>
Date: Tue, 13 Nov 2018 15:15:05 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/UCNwhFMFmoDh57dtNBaptjXLjMI>
On Mon, 12 Nov 2018 17:33, bre@pagekite.net said:

> If I were to implement support for SRV records, that would mean I
> can no longer rely on Tor to do that for us, but need to start
> thinking about DNS-over-HTTPS or other emerging standards (or,

Well, GnuPG implements a full DNS resolver over Tor (but w/o DNSSEC).
This was required to properly implement access to the keyserver pools.
If there is a need we could turn this into a public API.

> I'm very happy not to have to deal with that.

Mailpile will also like it.

>> First try
>>
>>   https://openpgpkey.example.org/.well-known/openpgpkey/...
>>
> This works well for Mailpile.

I changed this in the -07 I-D to

  https://openpgpkey.example.org/.well-known/openpgpkey/example.org/...

to make it easier to host several domains and to convey the domain info
without resorting to HTTP header info.

> I might be tempted to suggest trying the bare domain first, and
> openpgpkey.example.org as a fallback, simply because from a
> privacy point of view that leaks less information about what the
> client is doing.

But in this regard it is not different from SRV RRs. The requests
should anyway be easy to identify because the reply is pretty small or
by utilizing the fact that an encrypted mail is anyway soon sent to the
same provider.

> on something that is dead-simple to implement both on the client
> and the server, even if the "fixed subdomain" is a hack from a
> protocol-purity point of view. It's pragmatic and it works, which

Right, but Mozilla and MS Exchange do something very similar to ease the
configuration of a mail account.


Salam-Shalom,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.