[openpgp] Re: Certificate discovery over HKP
Andrew Gallagher <andrewg@andrewg.com> Wed, 09 April 2025 09:26 UTC
Return-Path: <andrewg@andrewg.com>
X-Original-To: openpgp@mail2.ietf.org
Delivered-To: openpgp@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 0EDF91971954 for <openpgp@mail2.ietf.org>; Wed, 9 Apr 2025 02:26:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=andrewg.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id biemtrY54qo1 for <openpgp@mail2.ietf.org>; Wed, 9 Apr 2025 02:26:44 -0700 (PDT)
Received: from fum.andrewg.com (fum.andrewg.com [IPv6:2a01:4f9:c011:23ad::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id A1DE6197194B for <openpgp@ietf.org>; Wed, 9 Apr 2025 02:26:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=andrewg.com; s=andrewg-com; t=1744190802; bh=IFe4v91fVck2f0Oy7lGVsWMSdZuk2dMvirlJVFxp+FU=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=sXMoO0+TVYfwFhO6wq4O0hdgSpN0Pu9jY2aNqg+WErAGk1WHU0E/FpaF0zr5dqK72 T0zfYh1GR5Dko+n1VhbiTjJwLyrRl9FAhr7gffY5AoMA25iIopmHKEpeEudH56Lj8e ufgOnCUxDVfZnZ8ehHU1bmEE8beQtJUvTZtMd/v29P6j1Lv2RVJLzqjOqJXPy/Ew8h 1ek5yDhSelehANbDjBADAWrkB6b+aVpu8cdnQeo3NEXECAQJnfipLDRifYZJDEUbZu T0v6gswjbUOWs8ABe7kxtBhtWqkyEeo9dP5DG+vVKYASSwgWhp5ZbQ/raZ7x7s3tw1 9lvmNHFftyQ0Q==
Received: from smtpclient.apple (serenity [IPv6:fc93:5820:7349:eda2:99a7::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by fum.andrewg.com (Postfix) with ESMTPSA id BB13C5EDF7; Wed, 9 Apr 2025 09:26:42 +0000 (UTC)
Content-Type: multipart/signed; boundary="Apple-Mail=_C0493699-1CC6-48F0-920C-8AE7FC7542D6"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6.1.9\))
From: Andrew Gallagher <andrewg@andrewg.com>
In-Reply-To: <8990b01d-527a-4a99-bcb8-6072e50dd2bd@my.amazin.horse>
Date: Wed, 09 Apr 2025 10:26:25 +0100
Message-Id: <B4B3032C-841D-4D5F-9BF6-C658EFEB39D1@andrewg.com>
References: <A748070A-4774-41F9-92E8-55F724B8834C@my.amazin.horse> <533BAF31-3076-4E0F-A4AF-904A26049132@andrewg.com> <8990b01d-527a-4a99-bcb8-6072e50dd2bd@my.amazin.horse>
To: Vincent Breitmoser <look=40my.amazin.horse@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3731.700.6.1.9)
Message-ID-Hash: GNLQ2FZ32KBJNXBB5K5NNH2LLYRHSETG
X-Message-ID-Hash: GNLQ2FZ32KBJNXBB5K5NNH2LLYRHSETG
X-MailFrom: andrewg@andrewg.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-openpgp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "openpgp\\@ietf.org" <openpgp@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [openpgp] Re: Certificate discovery over HKP
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/YNe9NGAs4Ers4LjBZm0U3ffG5oQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Owner: <mailto:openpgp-owner@ietf.org>
List-Post: <mailto:openpgp@ietf.org>
List-Subscribe: <mailto:openpgp-join@ietf.org>
List-Unsubscribe: <mailto:openpgp-leave@ietf.org>
On 9 Apr 2025, at 01:20, Vincent Breitmoser <look=40my.amazin.horse@dmarc.ietf.org> wrote: > > I don't want to be too dismissive of these efforts, but personally I'm not convinced of the value proposition. WKD took us a decade to get to a relatively stable state, and there are now finally some tens of thousands of domains that use it. The features listed here do not warrant a competing standard imo, unless WKD is completely stuck as a spec - which I don't think (hope) it is. If I had to pick the most pressing issue, it’s that we want to be able to serve both a v4 and a v6 certificate in one lookup, and many clients will choke on the whole thing rather than gracefully ignore v6 - so we need some way to upgrade to v6 safely. Nobody was sure how to do that without defining a parallel discovery method, at which point unifying v6 search and v6 discovery under a single API minimises the number of competing standards. A
- [openpgp] Certificate discovery over HKP Andrew Gallagher
- [openpgp] Re: Certificate discovery over HKP Daniel Huigens
- [openpgp] Re: Certificate discovery over HKP Andrew Gallagher
- [openpgp] Re: Certificate discovery over HKP Vincent Breitmoser
- [openpgp] Re: Certificate discovery over HKP Daniel Huigens
- [openpgp] Re: Certificate discovery over HKP Andrew Gallagher
- [openpgp] Re: Certificate discovery over HKP Vincent Breitmoser
- [openpgp] Re: Certificate discovery over HKP Bart Butler
- [openpgp] Re: Certificate discovery over HKP Andrew Gallagher
- [openpgp] Re: Certificate discovery over HKP Andrew Gallagher