W3C home > Mailing lists > Public > whatwg@whatwg.org > October 2014

[whatwg] Whitelist protocol openpgp4fpr

From: Chris Markiewicz <effigies+whatwg@gmail.com>
Date: Sun, 12 Oct 2014 20:59:10 -0400
Message-ID: <543B23DE.9010608@gmail.com>
To: whatwg@whatwg.org

This is a request to add "openpgp4fpr" to the whitelisted schemes for

In 2010, the Monkeysphere project (web.monkeysphere.info) introduced the
"openpgp4fpr:<FINGERPRINT>" scheme for sharing OpenPGP key fingerprints,
where <FINGERPRINT> is the full 40 hex character fingerprint of a
primary key. Perhaps more significantly, several Android applications
(APG/OpenKeychain, and the Guardian Project's GnuPG port) now accept
this scheme as a means of quickly exchanging public keys via QR codes.
It is thus a protocol scheme that, within its domain, is well
established and not subject to change.

It is also one that is not inherently limited to the mobile platform.
I've created a simple proxy that would handle openpgp4fpr URIs to
translate them into keyserver queries: https://openpgp4.info/
(Self-signed, pending a proper cert in a few days.) This works in
Firefox, but browsers that enforce a whitelist will not accept it at
this time.

Would there be any support for adding this protocol, and if there is
opposition, what obstacles are there? To be clear, I am not involved in
any of the above-mentioned projects, but I am willing to approach them
if this group needs information from them.

Received on Monday, 13 October 2014 00:59:44 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 17:00:24 UTC