WKD vs VV and VVV

Werner Koch wk at gnupg.org
Wed Apr 25 17:41:52 CEST 2018


On Wed, 25 Apr 2018 08:49, bernhard at intevation.de said:

>   ** no distribution of old pubkeys for old signatures.
>      This may be a valid use case once the main use cases are solved.

That is why we suggest to also upload keys to a keyserver.  Signatures
carry the full fingerprint and thus the key can easily be retrieved from
any keyserver.  The Web Key Directory is mainly for the _initial_ key
discovery.

>   ** Because no authentication is needed when submitting a pubkey via SMTP,
>      it shall be possible to use this management servive as
>      email-address-dossier.
>      This is something I don't understand as WKD is not walkable.

Wrong.  The mail provider sends the mail back to the legitimate owner of
the address and not to the sender.  That is the whole point of all mail
verification systems.


Shalom-Salam,

   Werner

-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180425/4c90ad91/attachment-0001.sig>


More information about the Gnupg-devel mailing list