AW: AW: Web Key Service server lookup

[Jürgen Schäpker]

Hi,

> So this is a webserver that serves the exact same for any request for the site
>at http://for.com/ and the site at http://bar.com/ and this is not an explicit
>decision by the admin but a consequence of limitations of the setup? Sounds
>esoteric enough to ignore to me.

In my experience this is not uncommon. It could be as trivial as a company using domains company.com, company.ca and company.de where email addresses might or might not be aliases between .com, .ca and .de.  robert.smith at company.com might or might not be the same person as robert.smith at company.ca.


Best regards,
JS

-----Ursprüngliche Nachricht-----
Von: Peter Lebbing [mailto:peter at digitalbrains.com] 
Gesendet: Dienstag, 1. November 2016 16:14
An: Jürgen Schäpker; gnupg-devel at gnupg.org
Betreff: Re: AW: Web Key Service server lookup

On 01/11/16 12:49, Jürgen Schäpker wrote:
> Another potential issue in the draft: the domain-part seems to be taken from
> the request URL. In a number of hosting configurations, e.g. via reverse
> proxy, the request URL might by default be rewritten (though in some
> configurations it might be recoverable from X-Forwarded-Host header). In case
> the original requester host cannot be determined, this would create potential
> collisions on WKDs answering for multiple domains, e.g. it couldn't discern
> the hashes for joe at for.com and joe at bar.com.

So this is a webserver that serves the exact same for any request for the site
at http://for.com/ and the site at http://bar.com/ and this is not an explicit
decision by the admin but a consequence of limitations of the setup? Sounds
esoteric enough to ignore to me.

My 2 cents,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

Email secured by Check Point