Implementing a WKS solution

Dashamir Hoxha dashohoxha at gmail.com
Wed Feb 10 21:59:38 CET 2021


Hi,

It seems to me that the wiki page of WKS is a bit outdated:
https://wiki.gnupg.org/WKS
The RFC description seems to be up to date, but it also says that it
is a "draft". The manual pages of gpg-wks-server and gpg-wks-client
may need some updates too.

A page with information that seems outdated does not inspire
confidence in people. Personally I believe that WKS works well, but I
have seen people who are seeking alternative solutions because they
say that it "never moved past the alpha stage".
So, what is the status of WKS? Is it tested and safe?

Another issue that I have come across is that procmail seems to have
been unmaintained for a long time (https://lwn.net/Articles/416901/). One
of the recommended replacements is maildrop, which is also more
readable, and a bit safer (because it saves mails to a temporary file
first, before processing them). Has anyone tried it for WKS, or has
any idea on how to convert the procmail recipe to a maildrop recipe?
Actually I don't mind that procmail is unmaintained or less readable,
as long as I have a recipe that works as expected, and I know that it
has no safety or robustness problems.

Finally, I am implementing a generic mail server solution with WKD+WKS
support. It would be great if someone could help with checking that I
am doing it correctly and safely:
- https://gitlab.com/docker-scripts/postfix/-/blob/master/docs/3-wkd-wks.md
- https://gitlab.com/docker-scripts/postfix/-/blob/master/cmd/wkd.sh
- https://gitlab.com/docker-scripts/postfix/-/blob/master/scripts/wks.sh
- https://gitlab.com/docker-scripts/postfix/-/blob/master/tests/test3.sh

I have tested it myself and it works. But I am more interested in
testing how safe it is if someone tries to break it. I don't doubt the
strength of GPG or the WKS protocol, but I doubt my skills in Postfix
configuration (which is quite complex to be honest). I am going to
make a test mailserver installation soon, so that anyone interested
may try to check it and identify any problems.

Thanks,
Dashamir


