Question to WKD-Feature

Neal H. Walfield neal at walfield.org
Fri Jan 6 12:57:14 CET 2017


On Mon, 07 Nov 2016 18:01:56 +0100,
Werner Koch wrote:
> On Mon,  7 Nov 2016 09:14, bernhard at intevation.de said:
> 
> > without looking into the contents? They could just deliver the ascii 
> > armored pubkey they've gotten from the client via auth-summit.
> 
> They can't do that because they need to filter the key first.  It is
> important to remove all mail addresses  but  the one which is expected
> under this entry in the WKD.
> 
> Consider a client which imports from the WKD or DANE without filtering
> (which a client should also do that) and further does not track which
> user ID has been received via WKD.  That would spoil the local keyring
> with unverified mail addresses.

I thought you always said that the local keyring is not trusted.
Further, if the user ever refreshes the key from the key server, then
the other user ids will be imported.

(Note: for something like the automated encryption scheme [1] that
uses keys retrieved via WKD as proof of basic validity, we need to
track whether the user id, not the key, was retreived via WKD!)

[1] https://wiki.gnupg.org/EasyGpg2016/AutomatedEncryption




More information about the Gnupg-devel mailing list