Web Key Discovery

Sam Bull gnupg-devel at sambull.org
Thu Mar 22 00:52:37 CET 2018


On Wed, 2018-03-21 at 17:59 +0000, Damien Goutte-Gattat wrote:
> On 03/21/2018 02:44 PM, Sam Bull wrote:
> > If I understand correctly, the web key directory must return a key
> > containing a matching email address. It also doesn't seem to support
> > any wildcards,
> If I understand your setup correctly, your problem is not with the Web 
> Key Directory system, but with OpenPGP itself, as OpenPGP keys indeed 
> don't support wildcards.

Not necessarily. It's the web key directory that requires a key to match the
given email address. For example, I am signing this email without it matching
the User ID. If the web key directory didn't require the user ID to match, I
could set up a server to return my PGP key for any email address under my
domain.

I don't see what is added by requiring the user ID to match.

Of course, supporting a wildcard in the user ID would also solve this issue.