Based on various feedback from the KOO board and the OpenPGP Email Summit:
- We need a v2 submission format for KOO's two-step verification, but make it a pre-auth system (it is currently post-auth):
- it prevents randomers from accidentally generating verification emails by uploading the keys of their correspondents
- it permits future verification extensions, e.g. static proofs
- ASCII armor is not well suited to web APIs; use multipart/form-data or raw file type instead to save a double-encoding step in form submission.
- Swap version and endpoint in the paths, this makes it much easier to support back/forwards compatibility.
Edited by Andrew Gallagher