AW: Web Key Directory handling of IDN

Jürgen Schäpker Juergen.Schaepker at
Mon Nov 7 16:54:20 CET 2016


>I asked what normalization they do on the local part, not whether they
>support it.

Apparently NFC is used:

>> In other words: if the standard doesn't work in reality, change
>> reality.

>I'm saying that there is an impersonation problem with your proposal. If
>you register <jürgen at>, I could register
><xn--jrgen-kva at> and get my OpenPGP key in the WKD instead of

This can't happen when hashes are calculated from normalized full email addresses and uniqueness is checked by WKD/WKS before storing a new hash. It also cannot happen if email servers check for such collisions before registering addresses. Most domain registrators usually (offer to) register both domains automatically.

>Please actually read what I am saying without resorting to cheap shots
>that frankly are far off the bow. And yes, I'm mixing expressions :-).
>Not sure it holds up to close scrutiny, but I thought it was nice.

I'm sorry if my words seemed like cheap shots to you, they are not intended that way. But I do believe that a productive discussion needs intellectual honesty and curiosity from all. To just disregard scenarios and use cases one personally might not have thought about before seems somewhat lazy to me.

Best regards,

More information about the Gnupg-devel mailing list