Web Key Directory

Werner Koch wk at gnupg.org
Thu May 12 09:47:59 CEST 2016

On Tue, 10 May 2016 09:40, bernhard at intevation.de said:

> Ok, where did you take it from?

*h*ashed *u*serid

> Being able to show the credentials to the mail service provider that
> can access the email account (storage and settings) is equivalent from the 
> security point of view of being able to send and receive the emails over this 

That mixes two entirely different services.  Web service may even be

>> Even if parts of the protocol would use HTTPS, there will in any case be
>> a need to use SMTP/LMTP/IMAP/POP3 for the email confirmation. 
> Why? To show that the client can do email format construction and
> parsing?

To receive and send confirmation mails ??

> What security purpose are you thinking of with air gaps?
> You mean in the case that your client is on a disconnected machine
> and you transport emails over via removable medias? This seems to be

Right , that is what an ari gap is about.

> a very rare use case from my point of view. And it could be done with
> an https based protocol as well, just allow the challenge to be answered
> with a reasonable time delay.

I am not sure whether RFC-1149 like transport mechanisms [1] will work
with TLS :-)



[1]  Standard for the transmission of IP datagrams on avian carriers. D.
     Waitzman. April 1990. (Format: TXT=3329 bytes) (Updated by RFC2549,
     RFC6214) (Status: EXPERIMENTAL) (DOI: 10.17487/RFC1149) 

Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
    /* EFH in Erkrath: https://alt-hochdahl.de/haus */

More information about the Gnupg-devel mailing list