Question to WKD-Feature

Werner Koch wk at
Mon Nov 7 18:01:56 CET 2016

On Mon,  7 Nov 2016 09:14, bernhard at said:

> without looking into the contents? They could just deliver the ascii 
> armored pubkey they've gotten from the client via auth-summit.

They can't do that because they need to filter the key first.  It is
important to remove all mail addresses but the one which is expected
under this entry in the WKD.

Consider a client which imports from the WKD or DANE without filtering
(which a client should also do) and further does not track which
user ID has been received via WKD.  That would spoil the local keyring
with unverified mail addresses.



Thoughts are free.  Exceptions are regulated by a federal law.
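
The filtering described in this message, sketched as an added example (not part of the original mail and not GnuPG's code). It works on user ID strings rather than real OpenPGP packets; the function names, the placeholder fingerprint and the sample user IDs are constructed for illustration.

```python
import re

# Simplified address check (assumption: not a full RFC 5322 parser).
_ADDR = re.compile(r"^[^\s<>@]+@[^\s<>@]+$")

def mailbox_of(user_id):
    """Return the lower-cased mail address of a user ID string, or None."""
    uid = user_id.strip()
    start, end = uid.rfind("<"), uid.rfind(">")
    # Use the address in the last <...> pair; a display name that merely
    # looks like an address must never be matched instead.
    candidate = uid[start + 1:end] if start != -1 and end > start else uid
    return candidate.lower() if _ADDR.match(candidate) else None

def filter_for_wkd(user_ids, expected_addr):
    """Split user IDs into (kept, dropped) for one WKD entry."""
    expected = expected_addr.lower()
    kept, dropped = [], []
    for uid in user_ids:
        (kept if mailbox_of(uid) == expected else dropped).append(uid)
    return kept, dropped

def import_from_wkd(keyring, fingerprint, user_ids, looked_up_addr):
    """Client side: filter again and record where each user ID came from."""
    kept, _ = filter_for_wkd(user_ids, looked_up_addr)
    for uid in kept:
        keyring.setdefault(fingerprint, {})[uid] = "wkd"
    return keyring

# Constructed sample: user IDs on one submitted key.
SAMPLE_UIDS = [
    "Alice Example <alice@example.org>",
    "Alice (work) <alice@corp.example>",
    "alice@example.org <someone@other.example>",  # address only in the name part
    "ALICE@EXAMPLE.ORG",                          # bare address, other case
    "Alice Example",                              # no mail address at all
]

if __name__ == "__main__":
    kept, dropped = filter_for_wkd(SAMPLE_UIDS, "alice@example.org")
    print("publish under this WKD entry:", kept)
    print("strip before publishing:", dropped)
    print(import_from_wkd({}, "FPR-PLACEHOLDER", SAMPLE_UIDS, "alice@example.org"))
```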

More information about the Gnupg-devel mailing list