Re: [openpgp] OpenPGP Web Key Directory I-D

Benjamin Kaduk <kaduk@mit.edu> Mon, 12 November 2018 05:58 UTC

Date: Sun, 11 Nov 2018 23:58:15 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: Bart Butler <bartbutler@protonmail.com>, Paul Fawkesley <paul@fluidkeys.com>, "openpgp@ietf.org" <openpgp@ietf.org>
Message-ID: <20181112055814.GA99562@kduck.kaduk.org>
References: <23523.16831.292658.490356@chiark.greenend.org.uk> <874lcsyr3p.fsf@wheatstone.g10code.de> <2bc2bffb-86f5-1457-c19c-bf8a541b8e92@fluidkeys.com> <87ftwbye1s.fsf@wheatstone.g10code.de> <e8YBN6CQZpY7QiCOtFMY7IDhHVT5-gymd9AW-BgtUrGMFTQPppr_qdhcoPAYDNYXv5IXAjZi3wPakOju_5CzUg==@protonmail.com> <87h8gptejy.fsf@wheatstone.g10code.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <87h8gptejy.fsf@wheatstone.g10code.de>
User-Agent: Mutt/1.9.1 (2017-09-22)
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/EMieBIiMrOweLiPrnRG-TorkNeE>
Subject: Re: [openpgp] OpenPGP Web Key Directory I-D

On Sat, Nov 10, 2018 at 11:25:21AM +0100, Werner Koch wrote:
> On Sat, 10 Nov 2018 00:18, bartbutler=40protonmail.com@dmarc.ietf.org
> said:
> 
> > reasons previously mentioned in this thread and discussed in Brussels
> > (case sensitivity, +aliases/subaddresses, Unicode, catch-all
> > addresses). The hash would be ignored.
> 
> BTW, the sub-addressing does not seem to be a real problem.  A cursory
> inspection of some large keyrings showed that user-ids with
> sub-addresses are quite rare and there is always the opportunity for the
> user (or a tool) to create another user-id w/o the sub-address.  Thus
> the sub-addresses can be handled in the MUA and won't need protocol
> support.
> 
> > I think that long-term, two parameters that do the same thing and
> > could conflict is bad and that while compatibility is a good
> > short-term goal, we should try to drop the hash and migrate to this
> > final form as soon as possible:
> >
> > ..well-known/openpgpkey/hu/?l=Joe.Doe@example.org
> 
> I disagree but I don't think it is the time to discuss this now.  Let us
> first deploy a useful key discovery and then see how it can be
> improved/changed.
> 
> > should simplify this and simply mandate the 'wkd' subdomain, full
> > stop, rather than having a fallback mechanism to the main domain. The
> 
> I concur.  Given that we need to drop the SRV records for silly reasons
> anyway, we can also demand a fixed subdomain.  Given that I don't like
> the "wkd" acronym, I would prefer to use a different name, like
> "openpgpkey".

I'll note that the IESG is generally not super-keen on reserved leaf names
in the DNS, though it is not something that is entirely disallowed when
there are not usable alternatives.
https://tools.ietf.org/html/draft-moonesamy-dnsop-special-use-label-registry-00
is (IIUC) supposed to be a way forward to at least provide a discoverable
registry of these "reserved" names.

-Ben

> And regarding your other mail: Sure, a redirection can only be allowed
> to use an HTTP redirect and not a CNAME.
> 
> 
> Shalom-Salam,
> 
>    Werner
> 
> -- 
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

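Added example (not part of this thread and not code from the draft or from
GnuPG): a small Python routine that builds the WKD lookup URLs the thread is
arguing about, so that the relationship between the hashed path component and
the "?l=" local-part parameter is concrete. It assumes the hash construction
of draft-koch-openpgp-webkey-service (SHA-1 over the case-folded local-part,
z-base-32 encoded), uses the fixed "openpgpkey" subdomain Werner proposes
above, and handles "+" sub-addresses in the client as he suggests. The helper
names (wkd_hash, wkd_urls), the ASCII-only case folding and the sample
addresses are this example's own assumptions.

```python
# Added example, not from the thread: build WKD lookup URLs for an address.
# Assumed hash construction (from the WKD draft, not from this message):
# SHA-1 over the case-folded local-part, z-base-32 encoded, 32 characters.
import base64
import hashlib
import string
from urllib.parse import quote

# z-base-32 uses the same bit packing as RFC 4648 base32; only the alphabet
# differs, so translating the output of the standard encoder is enough.
_ZB32_TABLE = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                              b"ybndrfg8ejkmcpqxot1uwisza345h769")
_ASCII_LOWER = str.maketrans(string.ascii_uppercase, string.ascii_lowercase)


def zbase32(data: bytes) -> str:
    """z-base-32 encode without padding (20 bytes -> exactly 32 symbols)."""
    return base64.b32encode(data).rstrip(b"=").translate(_ZB32_TABLE).decode("ascii")


def wkd_hash(local_part: str) -> str:
    """Hashed path component: z-base-32(SHA-1(case-folded local-part)).

    Assumption of this example: only ASCII letters are folded. The thread
    lists Unicode local-parts as an open problem, so no rule is invented here.
    """
    folded = local_part.translate(_ASCII_LOWER)
    return zbase32(hashlib.sha1(folded.encode("utf-8")).digest())


def wkd_urls(address: str, strip_subaddress: bool = True) -> dict:
    """Return the hash and the two candidate lookup URLs for an address.

    strip_subaddress implements Werner's suggestion that "+tag" sub-addresses
    are handled in the MUA rather than by the protocol: the tag is removed
    before hashing, so joe+lists@ resolves to the same key as joe@.
    """
    local, domain = address.rsplit("@", 1)
    if strip_subaddress and "+" in local:
        local = local.split("+", 1)[0]
    domain = domain.lower()
    hashed = wkd_hash(local)
    # "l" carries the local-part with its original case: the server cannot
    # recover it from the case-folded hash (the case-sensitivity point above).
    query = "l=" + quote(local, safe="")
    return {
        "hash": hashed,
        # Fixed "openpgpkey" subdomain, as proposed in the thread in place of
        # SRV records (later drafts call this the advanced method).
        "advanced": (f"https://openpgpkey.{domain}/.well-known/openpgpkey/"
                     f"{domain}/hu/{hashed}?{query}"),
        # Lookup directly under the mail domain (the direct method).
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{hashed}?{query}",
    }


if __name__ == "__main__":
    # Constructed sample addresses, not taken from any real keyring.
    for addr in ("Joe.Doe@Example.ORG", "joe.doe+lists@example.org"):
        info = wkd_urls(addr)
        print(addr, "->", info["advanced"])
```

The two URLs show why the thread sees the hash and the "l" parameter as
redundant: both are derived from the same local-part, and a server that keys
on "l" alone would ignore the hash, which is exactly the migration Bart
proposes and Werner wants to defer. The example does not implement the
fallback order between the two URL forms, which the thread is still debating.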