Mailing List Archive

WKD v06 (and CORS)
Werner,
thanks for publishing WKD v06
looking at the diff [1] I see that you've
added the suggestion to avoid building and index, thanks!

I hope that you'll also consider loosening the phrasing of the DNS SRV record
so that implementors know that they will exclude a significant number of
requesting clients in the future if they rely on the DNS SRV record.

Personally I believe being independent of additional DNS requests is an
advantages that WKD has over VVV or some other pubkey distribution methods
proposed in the past.

There is another detail which could help WKD, as pointed out by Wiktor,
a regular web-app would need to get a CORS header from the WKD-server
in order to fully use the results, see
https://github.com/mailvelope/mailvelope/issues/580#issuecomment-394690051
Hereby I suggest to add this as SHOULD to the WKD spec.

Rationale: Making this a MUST would put some more requirements on the serving
side, which we want to avoid, as right now just placing a few files on a web
server is enough (and not all allow setting headers in the served files
itself as far as I know).

Web Extensions (like Mailvelope) do not need the CORS header (AFAIK).

Best Regards,
Bernhard
ps.: Could you make it a habit to drop a short email to gnupg-devel when you
publish a new WKD, I'd appreciate it. Thanks!

[1]
https://www.ietf.org/rfcdiff?url1=draft-koch-openpgp-webkey-service-05&url2=draft-koch-openpgp-webkey-service-06

--
www.intevation.de/~bernhard ? +49 541 33 508 3-3
Intevation GmbH, Osnabr?ck, DE; Amtsgericht Osnabr?ck, HRB 18998
Gesch?ftsf?hrer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
Re: WKD v06 (and CORS) [ In reply to ]
On Tue, 5 Jun 2018 16:41, bernhard@intevation.de said:

> ps.: Could you make it a habit to drop a short email to gnupg-devel when you
> publish a new WKD, I'd appreciate it. Thanks!

Hey, I only published it to avoid expiration. No real changes in the
last months. You may want to follow the gnupg-doc repo where the I-D is
developed.


Shalom-Salam,

Werner

--
# Please read: Daniel Ellsberg - The Doomsday Machine #
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.