List:       gnupg-devel
Subject:    Re: WKD: returns only one pubkey (and why)
From:       Andrew Gallagher via Gnupg-devel <gnupg-devel () gnupg ! org>
Date:       2022-12-14 10:31:40
Message-ID: 2BE69EB4-63F1-44AF-9AA0-612BC16BE14D () andrewg ! com

On 13 Dec 2022, at 21:32, Dashamir Hoxha via Gnupg-devel <gnupg-devel@gnupg.org> wrote:
> 
> However I am not sure, can we find out the userids of the key that is used to sign? If not, then we cannot infer the domain of the well-known url.

See Neal's earlier comment. We can in principle, but only if the signer has added that subpacket to their signature, which cannot be relied upon.

> In this case we might need a directory service to lookup the userid(s) that are associated with a certain key id (think of it like a phone book -- you know the phone number and you can find the name of its owner). This directory service might be based on blockchains, or it might be a modified (simplified?) version of the current keyservers.

If you think keyservers are prone to abuse and spam, you *do not* want a blockchain.

> However, if we have such a directory service, then we can just list the url where the public key is located, so maybe we don't need a "well-known url" format.

Or we could just serve the key directly from the directory… ;-)

A
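The point Andrew makes above, that the signer's domain can only be inferred when the signature carries a Signer's User ID subpacket, is illustrated by the following added example. It is not code from this thread or from GnuPG; it assumes the subpacket encoding of RFC 4880 section 5.2.3.1 (type 28 is "Signer's User ID") and the URL construction of the WKD draft (SHA-1 of the lowercased local part, z-base-32 encoded). The subpacket areas, the timestamp and the key ID in it are constructed here for illustration and are not real signature data.

```python
"""Derive a WKD lookup URL from an OpenPGP signature's Signer's User ID subpacket.

Added example, not from the gnupg-devel thread or GnuPG's own sources. Assumes the
subpacket layout of RFC 4880 section 5.2.3.1 and the URL rules of the WKD draft.
"""
import hashlib
import re
from typing import Optional
from urllib.parse import quote

# z-base-32 alphabet (RFC 6189 section 5.1.6), used by WKD for the hashed local part
ZB32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"
SIG_CREATION_TIME = 2   # subpacket types from RFC 4880 section 5.2.3.1
ISSUER_KEY_ID = 16
SIGNER_USER_ID = 28     # "Signer's User ID", optional in any signature


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as z-base-32, most significant bit first, no padding characters."""
    nbits = len(data) * 8
    pad = (-nbits) % 5                      # right-pad to a multiple of 5 bits
    n = int.from_bytes(data, "big") << pad
    nbits += pad
    return "".join(ZB32_ALPHABET[(n >> shift) & 0x1F]
                   for shift in range(nbits - 5, -1, -5))


def encode_subpacket(ptype: int, data: bytes) -> bytes:
    """Serialise one signature subpacket: length header, type octet, body."""
    body = bytes([ptype]) + data
    n = len(body)
    if n < 192:
        hdr = bytes([n])
    elif n < 8384:
        hdr = bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    else:
        hdr = b"\xff" + n.to_bytes(4, "big")
    return hdr + body


def parse_subpackets(area: bytes) -> list:
    """Split a hashed or unhashed subpacket area into (type, body) pairs."""
    out, i = [], 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            length = ((first - 192) << 8) + area[i + 1] + 192
            i += 2
        else:                                # five-octet length
            length = int.from_bytes(area[i + 1:i + 5], "big")
            i += 5
        if length == 0 or i + length > len(area):
            raise ValueError("malformed subpacket length")
        ptype = area[i] & 0x7F               # strip the "critical" bit
        out.append((ptype, area[i + 1:i + length]))
        i += length
    return out


def signer_email(area: bytes) -> Optional[str]:
    """E-mail address from the Signer's User ID subpacket, or None when it is absent."""
    for ptype, body in parse_subpackets(area):
        if ptype != SIGNER_USER_ID:
            continue
        uid = body.decode("utf-8", errors="replace")
        m = re.search(r"<([^<>@\s]+@[^<>@\s]+)>", uid)   # "Name <addr>" form
        if m:
            return m.group(1)
        if re.fullmatch(r"[^<>@\s]+@[^<>@\s]+", uid.strip()):  # bare address
            return uid.strip()
    return None   # nothing to infer the domain from: the subpacket is optional


def wkd_urls(email: str) -> dict:
    """Direct and advanced WKD URLs for an address, per the WKD draft."""
    local, domain = email.rsplit("@", 1)
    domain = domain.lower()
    hu = zbase32_encode(hashlib.sha1(local.lower().encode("utf-8")).digest())
    query = "?l=" + quote(local, safe="")    # l= keeps the original case
    return {
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{hu}{query}",
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/hu/{hu}{query}",
    }


def wkd_url_for_signature(area: bytes) -> Optional[str]:
    """Advanced-method WKD URL for the signer, or None when no user ID was signed in."""
    email = signer_email(area)
    return wkd_urls(email)["advanced"] if email else None


# Constructed sample subpacket areas (placeholder timestamp and key ID, not real data).
_COMMON = (encode_subpacket(SIG_CREATION_TIME, (1670970720).to_bytes(4, "big"))
           + encode_subpacket(ISSUER_KEY_ID, bytes.fromhex("0123456789abcdef")))
SAMPLE_WITH_UID = _COMMON + encode_subpacket(SIGNER_USER_ID, b"Joe Doe <Joe.Doe@Example.ORG>")
SAMPLE_WITHOUT_UID = _COMMON

if __name__ == "__main__":
    print(wkd_url_for_signature(SAMPLE_WITH_UID))
    print(wkd_url_for_signature(SAMPLE_WITHOUT_UID))
```

The second sample is the normal case for many signatures: nothing in the hashed area names a user ID, so the lookup has to fall back to something keyed by the issuer key ID, which is the gap the rest of the thread is discussing.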

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-devel
