[openpgp] Question on WKD, Key Discovery

juga <juga@riseup.net> Thu, 09 May 2019 12:48 UTC

Hi,

The last version of the draft [0] states:

  Only if the required sub-domain does not exist, they SHOULD
  fall back to the direct method.

Should implementations fall back to the direct method on any error
trying to fetch the key with the advanced method, and not just when the
sub-domain doesn't exist?

I can think of situations where an organization is migrating to the
advanced method and the sub-domain exists, but for example, they don't
have a valid certificate for the sub-domain yet or they haven't created
the file system structure yet.

Wouldn't it be better to still try to fetch a key with the direct method
than not returning any key?

Maybe there are good reasons not to do this that I'm unaware of.

Thanks,
juga.


[0]
https://datatracker.ietf.org/doc/html/draft-koch-openpgp-webkey-service-07#section-3.1
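
The two lookup methods and the fallback rule discussed in the message above, as an added example that is not part of the original message or of any WKD implementation. It builds both URLs for an address and shows which requests a client makes under the quoted wording versus the fall-back-on-any-error behaviour the message asks about; the Outcome classes, plan() and the sample address are constructed for illustration.

```python
import hashlib
import urllib.parse
from enum import Enum

ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet

class Outcome(Enum):  # constructed failure classes for the advanced method
    OK = "key fetched"
    NO_SUBDOMAIN = "openpgpkey sub-domain does not exist"
    TLS_ERROR = "sub-domain exists, certificate not valid yet"
    NOT_FOUND = "sub-domain exists, file tree not created yet"

def wkd_hash(local_part: str) -> str:
    """SHA-1 of the lowercased local part, z-base-32 encoded (ASCII assumed)."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    n = int.from_bytes(digest, "big")  # 160 bits = 32 groups of 5 bits
    return "".join(ZB32[(n >> shift) & 31] for shift in range(155, -1, -5))

def wkd_urls(address: str) -> dict:
    """Return the advanced-method and direct-method URLs for an address."""
    local, domain = address.rsplit("@", 1)
    domain = domain.lower()
    tail = f"hu/{wkd_hash(local)}?l={urllib.parse.quote(local)}"
    return {
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/{tail}",
        "direct": f"https://{domain}/.well-known/openpgpkey/{tail}",
    }

def plan(address, advanced_outcome, fallback_on_any_error=False):
    """Ordered list of URLs the client ends up requesting."""
    urls = wkd_urls(address)
    if advanced_outcome is Outcome.OK:
        return [urls["advanced"]]
    # Quoted wording: only a missing sub-domain triggers the direct method.
    if advanced_outcome is Outcome.NO_SUBDOMAIN or fallback_on_any_error:
        return [urls["advanced"], urls["direct"]]
    return [urls["advanced"]]  # strict reading: lookup fails, no key returned

if __name__ == "__main__":
    addr = "Joe.Doe@Example.ORG"  # constructed sample address
    for outcome in Outcome:
        strict = len(plan(addr, outcome))
        lenient = len(plan(addr, outcome, fallback_on_any_error=True))
        print(f"{outcome.name:13} strict={strict} request(s)  any-error={lenient} request(s)")
```

The migration cases named in the message (TLS_ERROR, NOT_FOUND) are exactly the rows where the two policies differ.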