[whatwg] Whitelist protocol openpgp4fpr

Hi,

This is a request to add "openpgp4fpr" to the whitelisted schemes for
window.navigator.registerProtocolHandler().

In 2010, the Monkeysphere project (web.monkeysphere.info) introduced the
"openpgp4fpr:<FINGERPRINT>" scheme for sharing OpenPGP key fingerprints,
where <FINGERPRINT> is the full 40 hex character fingerprint of a
primary key. Perhaps more significantly, several Android applications
(APG/OpenKeychain, and the Guardian Project's GnuPG port) now accept
this scheme as a means of quickly exchanging public keys via QR codes.
It is thus a protocol scheme that, within its domain, is well
established and not subject to change.

It is also one that is not inherently limited to the mobile platform.
I've created a simple proxy that would handle openpgp4fpr URIs to
translate them into keyserver queries: https://openpgp4.info/
(Self-signed, pending a proper cert in a few days.) This works in
Firefox, but browsers that enforce a whitelist will not accept it at
this time.

Would there be any support for adding this protocol, and if there is
opposition, what obstacles are there? To be clear, I am not involved in
any of the above-mentioned projects, but I am willing to approach them
if this group needs information from them.

Cheers,
Chris

Received on Monday, 13 October 2014 00:59:44 UTC