WKD proper behavior on fetch error

Stefan Claas spam.trap.mailing.lists at gmail.com
Sun Jan 17 19:41:44 CET 2021


On Sun, Jan 17, 2021 at 7:30 PM Ángel <angel at pgp.16bits.net> wrote:
>
> On 2021-01-17 at 16:28 +0100, Stefan Claas wrote:
> > sorry, but simply said I discovered now that a second major and trusted
> > contender, Mailvelope supported by BSI and audited, works also as
> > sequoia-pgp does. Werner and his (shrinking in numbers) supporters
> > should think now what to do, instead of defending something, that could
> > be improved. Try to see it this way, it does not hurt, I promise! :-)
> >
> > I will try to find the US competitor for Mailvelope and test this as
> > well.
>
> Looking at mailvelope dns queries, it isn't even trying the advanced
> method, so no wonder it doesn't fail on a bad certificate there.

Please try to accept that GitHub (and maybe in the future others as well)
has *no* bad certificate! The only thing which could be considered "bad"
or at least sub-optimal for a global ML, like this one, is the support in
form of the GnuPG ecosystem devs.
>
> Looking at flowcrypt code at
> https://github.com/FlowCrypt/flowcrypt-browser/blob/master/extension/js/common/api/key-server/wkd.ts
> they do support the advanced method but on any failure fetching the
> policy file, they will check the direct method (this may be slightly
> different to the condition in which way sequoia falls back).
>
> I feel there is a need for a proper WKD test suite (as well as
> clarifying in the draft itself the things that are coming up).

Yes, but please a test suite in form from independent third parties, if
possible, or in case of GnuPG devs heavily discussed and supported by
OpenPGP app devs.

Regarding the draft, fully agree and if you check dev.gnupg.org, dkg was so kind
already and suggested proper clarification for WKD users.

Regards
Stefan
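
The fallback question discussed above, as an added example that is not part of the original message or of any client's code: it builds the advanced and direct WKD URLs for an address and compares two fallback rules over constructed outcomes of the advanced attempt. The policy names, outcome labels and function names are assumptions; "strict" reflects a reading of the WKD draft (fall back only when the openpgpkey subdomain does not exist), and "any_failure" models the behaviour the quoted message attributes to FlowCrypt.

```python
import hashlib
from urllib.parse import quote

ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"

def zbase32(data: bytes) -> str:
    """z-base-32 encode, most significant bit first, zero-padded to 5 bits."""
    bits = "".join(f"{byte:08b}" for byte in data)
    bits += "0" * (-len(bits) % 5)
    return "".join(ZBASE32[int(bits[i:i + 5], 2)] for i in range(0, len(bits), 5))

def wkd_urls(address: str) -> dict:
    """Build both WKD lookup URLs for one mail address."""
    local, domain = address.rsplit("@", 1)
    domain = domain.lower()
    # SHA-1 over the local part with only ASCII letters lowercased (bytes.lower()).
    hu = zbase32(hashlib.sha1(local.encode("utf-8").lower()).digest())
    query = "?l=" + quote(local, safe="")
    return {
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/hu/{hu}{query}",
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{hu}{query}",
    }

# Constructed outcome labels for the advanced-method attempt (not real client output).
OUTCOMES = ("ok", "no_subdomain", "tls_error", "http_error")

# Hypothetical policy names: "strict" falls back only when the openpgpkey
# subdomain does not exist; "any_failure" falls back on every failure.
FALLBACK_ON = {
    "strict": {"no_subdomain"},
    "any_failure": {"no_subdomain", "tls_error", "http_error"},
}

def resolve(address: str, advanced_outcome: str, policy: str):
    """Return (method, url) the client ends up using, or ("fail", None)."""
    if advanced_outcome not in OUTCOMES:
        raise ValueError(f"unknown outcome: {advanced_outcome}")
    urls = wkd_urls(address)
    if advanced_outcome == "ok":
        return ("advanced", urls["advanced"])
    if advanced_outcome in FALLBACK_ON[policy]:
        return ("direct", urls["direct"])
    return ("fail", None)

def divergences(address: str) -> list:
    """Outcomes where the two policies disagree: the cases a test suite must pin down."""
    return [o for o in OUTCOMES
            if resolve(address, o, "strict")[0] != resolve(address, o, "any_failure")[0]]
```
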



More information about the Gnupg-users mailing list