
List:       gnupg-devel
Subject:    WKD: returns only one pubkey (and why)
From:       Bernhard Reiter <bernhard () intevation ! de>
Date:       2022-12-09 8:59:59
Message-ID: 202212091000.16718.bernhard () intevation ! de


Hi David,

I saw that you had a question about WKD in your blog:
https://sleepmap.de/2022/new-pgp-key-id-1793dad5d803a8ffd7451697bb992f9864fad168/

You write:
  gpg --locate-keys dave@sleepmap.de
  The above only returns the new key [..], but not the old [..]. 
  It is entirely opaque to the user as to why.

The reason is that WKD only allows
for returning one active public key.
 
https://datatracker.ietf.org/doc/html/draft-koch-openpgp-webkey-service-15#name-key-discovery
has
   The HTTP GET method MUST return the binary representation of the OpenPGP   
   key for the given mail address.
   [..]
   a server may return revoked keys in addition to a new key.
   
The use of _the_ and _a_ key shows that only one public key is to be returned.
This makes sense because the idea is that a client can directly use the key 
for encryption without asking the user for choice.
It seems that the version of sequoia-pgp you were using in April does not 
implement the WKD draft correctly 
by providing and downloading more than one pubkey.
This may have added to your confusion.

Nonetheless the intentions could be written more explicitly in the WKD draft, 
which I have meanwhile suggested to the author.

Regards,
Bernhard
PS: BTW there has been a new group of synchronised pubkey servers for a while now, 
e.g. see https://social.tchncs.de/@ber/107008659842900171

-- 
https://intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing directors: Frank Koormann, Bernhard Reiter
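As an added illustration (my code, not from the mail, GnuPG, sequoia-pgp or the draft's authors): the functions below build the WKD lookup URL for an address using the hashed-local-part scheme of draft-koch-openpgp-webkey-service, and count the primary Public-Key packets in a fetched response so a client can tell whether a server handed back more than the single current key the draft calls for. The URL layout and the OpenPGP packet header format (RFC 4880) are taken from those specifications; the sample blob is constructed, not a real key.

```python
import hashlib
import urllib.parse
_ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet used by the WKD draft

def zbase32(data: bytes) -> str:
    """z-base-32 encode, MSB first, no padding (a SHA-1 digest gives 32 chars)."""
    nchars = -(-len(data) * 8 // 5)                 # ceil(bits / 5)
    bits = int.from_bytes(data, "big") << (nchars * 5 - len(data) * 8)
    return "".join(_ZB32[(bits >> (5 * i)) & 31] for i in reversed(range(nchars)))

def wkd_url(address: str, advanced: bool = True) -> str:
    """WKD lookup URL: advanced method by default, direct method otherwise."""
    local, domain = address.rsplit("@", 1)
    domain = domain.lower()
    hu = zbase32(hashlib.sha1(local.lower().encode()).digest())
    query = "?l=" + urllib.parse.quote(local, safe="")
    if advanced:
        return f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/hu/{hu}{query}"
    return f"https://{domain}/.well-known/openpgpkey/hu/{hu}{query}"

def count_primary_keys(blob: bytes) -> int:
    """Count Public-Key packets (tag 6) by walking OpenPGP packet headers
    (RFC 4880 section 4.2); subkeys are tag 14 and are not counted."""
    i, count = 0, 0
    while i < len(blob):
        b0 = blob[i]
        if not b0 & 0x80:
            raise ValueError(f"bad packet header at offset {i}")
        if b0 & 0x40:                                # new-format header
            tag, l0 = b0 & 0x3F, blob[i + 1]
            if l0 < 192:
                length, hdr = l0, 2
            elif l0 < 224:
                length, hdr = ((l0 - 192) << 8) + blob[i + 2] + 192, 3
            elif l0 == 255:
                length, hdr = int.from_bytes(blob[i + 2:i + 6], "big"), 6
            else:
                raise ValueError("partial body lengths are not valid in a key")
        else:                                        # old-format header
            tag, ltype = (b0 >> 2) & 0x0F, b0 & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not valid in a key")
            n = 1 << ltype
            length, hdr = int.from_bytes(blob[i + 1:i + 1 + n], "big"), 1 + n
        if tag == 6:
            count += 1
        i += hdr + length
    return count
# Constructed sample (not a real key): two primary keys, each tag 6 + tag 13 user ID.
SAMPLE_TWO_KEYS = bytes([0xC6, 3, 4, 0, 0, 0xCD, 4]) + b"dave" + bytes([0xC6, 3, 4, 0, 0])
```

Fetching the URL is left to the caller; since the draft quoted above lets a server add revoked keys next to the current one, a count above one should be checked for revocation before being treated as a server bug.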

