27090 2014-10-17 02:22:56 +0000 openpgp4fpr is a scheme used for sharing PGP key fingerprints. Also posted a message, here: http://lists.w3.org/Archives/Public/public-whatwg-archive/2014Oct/0148.html 2015-01-08 18:54:27 +0000 1 1 1 Unclassified WHATWG HTML unspecified Other other RESOLVED FIXED https://html.spec.whatwg.org/#whitelisted-scheme P3 normal Unsorted 1 contributor ian effigies ian mike contributor oldest_to_newest 113363 0 contributor 2014-10-17 02:22:56 +0000 Specification: https://html.spec.whatwg.org/multipage/webappapis.html Multipage: https://html.spec.whatwg.org/multipage/#whitelisted-scheme Complete: https://html.spec.whatwg.org/#whitelisted-scheme Referrer: Comment: openpgp4fpr is a scheme used for sharing PGP key fingerprints. Also posted a message, here: http://lists.w3.org/Archives/Public/public-whatwg-archive/2014Oct/0148.html Posted from: 50.157.207.187 User agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/37.0.2062.120 Chrome/37.0.2062.120 Safari/537.36 115563 1 ian 2014-11-26 21:31:07 +0000 What does going to such a URL do? Is it something where you'd be ok if random evil Web pages kept sending you there? 116810 2 effigies 2015-01-06 02:44:36 +0000 It will depend entirely on the handler, just like any URL, presumably. The full protocol is: openpgp4fpr:<40 Hex digits> A handler would (most likely) attempt to look up an OpenPGP key, either from the user's keyring or from a keyserver. As far as I know the only existing examples of handlers are for Android, as the protocol is used to pass key fingerprints through QR codes, and Android allows the registration of arbitrary handles. A proof of concept handler can be installed in Firefox at: https://openpgp4.info/ If a random evil web page kept sending you there, you would simply keep opening that page. 116853 3 ian 2015-01-06 22:52:10 +0000 Well, I can't think of an attack scenario here, so, sure. Added. 116854 4 contributor 2015-01-06 22:52:53 +0000 Checked in as WHATWG revision r8872. Check-in comment: Add openpgp4fpr: scheme to whitelist for registration https://html5.org/tools/web-apps-tracker?from=8871&to=8872 116858 5 effigies 2015-01-06 23:05:26 +0000 Was it intentional to remove nntp? 116925 6 ian 2015-01-08 18:39:04 +0000 Woah, no, what the heck. Fixed. Thanks for catching that! 116935 7 ian 2015-01-08 18:54:27 +0000 Checked in as WHATWG revision r8878. Check-in comment: Put back nntp to the scheme whitelist, since it was removed completely accidentally. https://html5.org/tools/web-apps-tracker?from=8877&to=8878