WKD proper behavior on fetch error

Werner Koch wk at gnupg.org
Thu Jan 14 14:43:06 CET 2021


On Thu, 14 Jan 2021 01:47, Ángel said:

> I understand this to mean it as "only use the direct method if the
> required sub-domain does not exist", with the SHOULD meaning that the
> direct method is not required (not sure why, I would have probably used

Right.  The subdomain is actually a workaround for SRV RR.  We can't
use the latter in browser based implementation and thus need to resort
to this hack.

SHOULD was used to allow the direct method in existing use cases.

In case this has not yet been mention: If wildcards are used in the DNS
a dummy TXT RR should be used to except the openpgpkey subdomain from
wildcarding.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210114/5c527736/attachment.sig>


More information about the Gnupg-users mailing list