Web Key Discovery

Sam Bull gnupg-devel at sambull.org
Tue Apr 3 13:02:17 CEST 2018

On Mon, 2018-03-26 at 13:41 +0100, Sam Bull wrote:
> On Thu, 2018-03-22 at 08:03 +0100, Werner Koch wrote:
> > It maps a mail address to a key.  It is possible to map several mail
> > addresses to the same key but the key needs to carry a user ID for each
> > key.
> Right, but it seems to require mapping the key to the mail address as well,
> i.e. it must match in both directions.
> If it was only matching an address to a key, then I could configure my server
> to map all email addresses to the key I am currently using. This is the
> correct key that people should use to contact me, but the user ID would not
> match, therefore doesn't work when you require the key to also map to the
> address.

Also note in the DANE RFC, it only says:

    One User ID Y, which SHOULD match 'hugh@example.com'

i.e. if the user ID doesn't match, it won't cause a validation error (it's a recommendation, rather than a requirement). Why can't the web key discovery take the same approach?

> > > Of course, supporting a wildcard in the user ID would also solve this
> > > issue.
> > I am not sure what you mean by wildcard.
> Well, for example, the email I am using for this mailing list is
> gnupg-devel@sambull.org. So, each unique email is a full email under my
> personal domain. So by wildcard, I mean something like "*@sambull.org"
> matching any valid address under my domain name.
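To make the two behaviours discussed in this thread concrete, here is an added example (not code from the thread, from GnuPG, or from any WKD implementation). It computes the WKD lookup URL for an address (SHA-1 of the lowercased local part, z-base-32 encoded; the direct-method form from the WKD draft plus the openpgpkey-subdomain "advanced" form that later draft revisions added) and then applies three client-side policies to the keys a server returns: "require" (a user ID for the exact address must exist, the behaviour the thread attributes to GnuPG), "should" (the DANE-style SHOULD: prefer a matching user ID, otherwise accept the served key) and "wildcard" (a hypothetical "*@domain" user ID matches any local part at that domain). The sample keys, their placeholder fingerprints and the policy names are constructed for the example; the "Joe.Doe@Example.ORG" test vector is the one given in the WKD draft.

```python
import hashlib
import re
import urllib.parse

# z-base-32 alphabet (RFC 6189, section 5.1.6), the encoding WKD uses for the
# hashed local part.
ZB32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as z-base-32, most significant bit first, no padding chars."""
    out, acc, nbits = [], 0, 0
    for byte in data:
        acc = (acc << 8) | byte
        nbits += 8
        while nbits >= 5:
            nbits -= 5
            out.append(ZB32_ALPHABET[(acc >> nbits) & 0x1F])
    if nbits:  # trailing bits are zero-padded on the right
        out.append(ZB32_ALPHABET[(acc << (5 - nbits)) & 0x1F])
    return "".join(out)


def wkd_hash(local_part: str) -> str:
    """WKD: SHA-1 of the lowercased local part, z-base-32 encoded (32 chars)."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    return zbase32_encode(digest)


def wkd_urls(address: str) -> dict:
    """Return the direct-method URL and the 'advanced' (openpgpkey subdomain)
    form for an address.  The domain is lowercased; the ?l= query carries the
    local part as typed so the server can still check the spelling."""
    local, domain = address.rsplit("@", 1)
    domain = domain.lower()
    h = wkd_hash(local)
    q = urllib.parse.quote(local, safe="")
    return {
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{h}?l={q}",
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/hu/{h}?l={q}",
    }


def uid_mailbox(uid: str):
    """Extract the mailbox from a user ID such as 'Sam Bull <sam@example.org>'."""
    m = re.search(r"<([^<>]+)>", uid)
    addr = m.group(1) if m else uid.strip()
    return addr.lower() if "@" in addr else None


def uid_matches(uid: str, address: str, wildcard: bool = False) -> bool:
    """True if the user ID's mailbox equals the address (case-insensitively).
    With wildcard=True, a user ID '*@domain' matches any local part at domain;
    this wildcard rule is the hypothetical extension discussed in the thread."""
    mbox = uid_mailbox(uid)
    if mbox is None:
        return False
    want = address.lower()
    if mbox == want:
        return True
    if wildcard and mbox.startswith("*@"):
        return want.rsplit("@", 1)[1] == mbox[2:]
    return False


def select_key(address: str, keys: list, policy: str = "require"):
    """Pick the key fingerprint a client would accept from a WKD response.

    policy="require":  only a key carrying a user ID for the address
                       (the behaviour the thread attributes to GnuPG).
    policy="should":   prefer such a key, otherwise accept the first key served
                       (the SHOULD semantics quoted from the DANE RFC).
    policy="wildcard": like "require", but '*@domain' user IDs also match.
    """
    if policy not in ("require", "should", "wildcard"):
        raise ValueError(f"unknown policy: {policy}")
    wildcard = policy == "wildcard"
    for key in keys:
        if any(uid_matches(uid, address, wildcard) for uid in key["uids"]):
            return key["fpr"]
    if policy == "should" and keys:
        return keys[0]["fpr"]  # accepted despite no matching user ID
    return None


# Constructed sample keys (fingerprints are placeholders, not real keys).
SAMPLE_KEYS = [
    {"fpr": "A" * 40, "uids": ["Sam Bull <sam@sambull.org>"]},
    {"fpr": "B" * 40, "uids": ["Sam Bull <*@sambull.org>"]},
]


if __name__ == "__main__":
    print(wkd_urls("Joe.Doe@Example.ORG")["direct"])
    for policy in ("require", "should", "wildcard"):
        print(policy, select_key("gnupg-devel@sambull.org", SAMPLE_KEYS, policy))
```

Run against the constructed keys, a lookup for gnupg-devel@sambull.org yields no key under "require", the first served key under "should" (the client trusts the server's mapping without a matching user ID, which is exactly the relaxation the DANE wording permits), and the "*@sambull.org" key under "wildcard". Note that "should" widens what a server can serve for an address without any evidence from the key itself, so the check on the user ID is the only thing tying the key to the address the client asked for; dropping it shifts that trust entirely onto the HTTPS server.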