Question to WKD-Feature

Werner Koch wk at gnupg.org
Mon Nov 7 18:01:56 CET 2016


On Mon,  7 Nov 2016 09:14, bernhard at intevation.de said:

> without looking into the contents? They could just deliver the ascii 
> armored pubkey they've gotten from the client via auth-summit.

They can't do that because they need to filter the key first.  It is
important to remove all mail addresses but the one which is expected
under this entry in the WKD.

Consider a client which imports from the WKD or DANE without filtering
(which a client should also do) and further does not track which
user ID has been received via WKD.  That would spoil the local keyring
with unverified mail addresses.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
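
The filtering step described in the message above, as an added Python example (not part of the original post and not GnuPG's code): it walks the OpenPGP packets of a binary key and keeps only the user ID whose address matches the WKD entry, together with that user ID's signatures. The function names, the case-insensitive address match, the dropping of user attribute packets, and the sample packets are assumptions made for illustration.

```python
import re

PUBKEY, UID, SUBKEY, UATTR = 6, 13, 14, 17   # OpenPGP packet tags (RFC 4880)

def packets(data):                           # yields (tag, raw_packet, body)
    i = 0
    while i < len(data):
        start, hdr, n = i, data[i], None
        if (hdr & 0xC0) == 0xC0:                  # new-format header
            tag, o1 = hdr & 0x3F, data[i + 1]
            if o1 < 192:
                n, i = o1, i + 2
            elif o1 < 224:
                n, i = ((o1 - 192) << 8) + data[i + 2] + 192, i + 3
            elif o1 == 255:
                n, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
        elif (hdr & 0x80) and (hdr & 3) != 3:     # old-format header, definite length
            tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            n, i = int.from_bytes(data[i + 1:i + 1 + size], "big"), i + 1 + size
        if n is None or i + n > len(data):        # partial/indeterminate length or cut short
            raise ValueError("unsupported or truncated packet")
        i += n
        yield tag, data[start:i], data[i - n:i]

def mailbox(uid):        # 'Name <a@b>' or bare 'a@b' -> lower-cased address, else None
    text = uid.decode("utf-8", "replace").strip()
    m = re.search(r"<([^<>]*)>$", text)
    addr = (m.group(1) if m else text).lower()    # assumption: compare case-insensitively
    return addr if re.fullmatch(r"[^\s<>@]+@[^\s<>@]+", addr) else None

def filter_key(data, expected):
    """Keep key material plus only the User ID (and its signatures) for `expected`."""
    out, keep, matched = [], True, False
    for tag, raw, body in packets(data):
        if tag == UID:
            keep = mailbox(body) == expected.lower()
            matched = matched or keep
        elif tag in (PUBKEY, SUBKEY, UATTR):
            keep = tag != UATTR                   # assumption: attribute IDs are dropped
        if keep:                                  # a signature follows the packet it certifies
            out.append(raw)
    if not matched:
        raise ValueError("no user ID for " + expected)
    return b"".join(out)

def pkt(tag, body):      # constructed sample packets with dummy bodies, not a real key
    return bytes([0xC0 | tag, len(body)]) + body
SAMPLE = b"".join(pkt(t, b) for t, b in [(6, b"KEY"), (13, b"Alice <alice@example.org>"),
    (2, b"S1"), (13, b"Alice <boss@example.net>"), (2, b"S2"), (14, b"SUB"), (2, b"S3")])
```

Calling `filter_key(SAMPLE, "alice@example.org")` returns the key, the matching user ID with its signature, and the subkey with its binding signature; the `boss@example.net` user ID and its signature are gone.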