
webkey service: caching/robot policy statements?
Folks,

In draft-koch-openpgp-webkey-service-08 section 4.5, policy flags, the
use of WELLKNOWN/policy is defined, with an extension mechanism.

Does this seem a reasonable location for a "caching keyserver" to check
for directives on policy controls, too?

Something like (assuming standardized, which is absolutely not
appropriate yet):
cache-policy: prohibited
or:
cache-policy: min-refresh-interval=2d
?

Also, to double-check: the local use extension would be:

pennock.tech_cache-policy:

? I'm going to risk descending into bikeshedding here because that
feels so unusual. Rather than a whole new syntax, the two most obvious
alternatives are:

1. Use an `@` as per RFC4880 notation data, or the SSH protocol, thus:
cache-policy@pennock.tech: min-refresh-interval=2d

2. Use reversed domain syntax, per Java, thus:
tech.pennock.cache-policy: min-refresh-interval=2d

And to re-emphasize: I don't want cache-policy added yet, I'm still
sketching out the rough ideas in my head, I'm mostly checking if the
policy file could be for more than submission controls without having
people scream at me, and if I have the extension syntax right.

Thanks,
-Phil

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
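The extension syntax asked about above, as an added example that is not part of the original post or of GnuPG: a small parser for the policy file that splits `domain_keyword` local-use flags from unprefixed ones and shows how the two alternative spellings behave under the same grammar. The keyword grammar is this example's reading of section 4.5 of the draft; `cache-policy`, its values and the time units other than `d` are hypothetical.

```python
import re

# Keyword grammar as this example reads section 4.5 of the draft (an assumption):
# lowercase letters, digits, hyphens, dots, starting with a letter, with one
# underscore allowed as the namespace delimiter in "domain_keyword".
KEYWORD = re.compile(r"^[a-z][a-z0-9.-]*(?:_[a-z][a-z0-9.-]*)?$")
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}  # only "d" appears in the post

def parse_policy(text):
    """Map (namespace or None, keyword) -> value (None for bare flags)."""
    flags = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        key = key.strip().lower()
        if not KEYWORD.match(key):
            continue  # e.g. the "@" form is not a valid keyword under this grammar
        namespace, _, name = key.rpartition("_")
        flags[(namespace or None, name)] = value.strip() if sep else None
    return flags

def cache_directive(flags, namespace):
    """Interpret the hypothetical cache-policy flag for one namespace."""
    value = flags.get((namespace, "cache-policy"))
    if value is None:
        return ("unset", None)
    if value == "prohibited":
        return ("prohibited", None)
    m = re.fullmatch(r"min-refresh-interval=(\d+)([smhd])", value)
    if m:
        return ("refresh", int(m.group(1)) * UNITS[m.group(2)])
    return ("unknown", None)

# Constructed sample policy file, not taken from any real server.
SAMPLE = """\
# comment line
mailbox-only
submission-address: key-submission@example.org
pennock.tech_cache-policy: min-refresh-interval=2d
cache-policy@pennock.tech: min-refresh-interval=2d
tech.pennock.cache-policy: prohibited
"""

if __name__ == "__main__":
    parsed = parse_policy(SAMPLE)
    print(parsed)
    print(cache_directive(parsed, "pennock.tech"))
```

Under this grammar the `@` spelling is dropped as an invalid keyword, while the reversed-domain spelling parses as an ordinary unprefixed keyword, so a client cannot tell where the namespace ends.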
Re: webkey service: caching/robot policy statements?
On Tuesday 09 July 2019 05:08:57, Phil Pennock via Gnupg-devel wrote:
> Does this seem a reasonable location for a "caching keyserver" to check
> for directives on policy controls, too?

What is a "caching keyserver" in this context?
What purpose would it serve?

A WKD request would only be served by the TLS certificate of the
webserver of the original domain. This cannot be cached, otherwise the check
would not be working.

Also, a third party server would not know the email address to ask for.
(Unless given by some application.) So why would this application prefer the
third party server when it could ask the real WKD server?

Best Regards,
Bernhard

--
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing Directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
Re: webkey service: caching/robot policy statements?
On 09/07/2019 10:31, Bernhard Reiter wrote:
> What is a "caching keyserver" in this context?
> What purpose would it serve?

See https://lists.gnupg.org/pipermail/gnupg-users/2019-July/062151.html
- this is also of relevance to your previous post.

--
Andrew Gallagher