drafts,openpgp-webkey-service: Add a security suggestion.

author Werner Koch <wk@gnupg.org>

Thu, 12 Jul 2018 09:13:33 +0000 (11:13 +0200)

committer Werner Koch <wk@gnupg.org>

Thu, 12 Jul 2018 09:14:02 +0000 (11:14 +0200)
author Werner Koch <wk@gnupg.org>
Thu, 12 Jul 2018 09:13:33 +0000 (11:13 +0200)
committer Werner Koch <wk@gnupg.org>
Thu, 12 Jul 2018 09:14:02 +0000 (11:14 +0200)
diff --git a/misc/id/openpgp-webkey-service/draft.org b/misc/id/openpgp-webkey-service/draft.org

index 3b4f717..f000e82 100644 (file)
--- a/misc/id/openpgp-webkey-service/draft.org
+++ b/misc/id/openpgp-webkey-service/draft.org
@@ -491,6 +491,12 @@ To make it a bit harder to test for published keys, the server
  responsible to serve the WELLKNOWN directory SHOULD NOT create an
  index file for that directory or any sub-directory.
  
+The mail provider MUST make sure to filter a key in a way that only
+the User ID belonging to that user is returned and that confirmation
+requests are only send for such User IDs.  It is further recommended
+that a client filters the key for a publication requests so that only
+a key with the specific User ID of the provider is send.
+
  
  * IANA Considerations
author	Werner Koch <wk@gnupg.org>
	Thu, 12 Jul 2018 09:13:33 +0000 (11:13 +0200)
committer	Werner Koch <wk@gnupg.org>
	Thu, 12 Jul 2018 09:14:02 +0000 (11:14 +0200)