Only one pubkey to be delivered by WKD (Re: Update keys.gnupg.net?)
bernhard at intevation.de
Wed Jul 28 15:58:23 CEST 2021
On Wednesday 28 July 2021 12:28:08, Simon Josefsson via Gnupg-devel wrote:
> It seems like a
> neat thing to have all my keys in there, in case someone wants to verify
> old signatures. Is this forbidden? As far as I can tell from wks draft
> -12 it is permitted: 'Note that the key may be revoked or expired - it
> is up to the client to handle such conditions.'.

Yes, in my reading it is "forbidden" to have more than one non-revoked pubkey
in a WKD response.

   The HTTP GET method MUST return the binary representation of the
   OpenPGP key for the given mail address.  The key needs to carry a
   User ID packet ([RFC4880]) with that mail address.  Note that the key
   may be revoked or expired - it is up to the client to handle such
   conditions.  To ease distribution of revoked keys, a server may
   return revoked keys in addition to a new key.  The keys are returned
   by a single request as concatenated key blocks.

It is singular "the key" and "in addition to a new key".
Additionally, as Werner wrote: it would defy the purpose otherwise. :)

www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
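
Added example (not part of the original message, and not GnuPG's code): a client-side check that walks the concatenated key blocks of a binary WKD response and counts the blocks that carry no key revocation signature, so a response with more than one such key can be flagged. It looks at packet structure only; it verifies no signatures and ignores expiry. The names packets, non_revoked_keys and pkt, and the sample bytes, are constructed for illustration.

```python
PUBKEY, SIGNATURE = 6, 2     # RFC 4880 packet tags
KEY_REVOCATION = 0x20        # RFC 4880 signature type

def packets(data):
    """Yield (tag, body) per packet; ValueError/IndexError on malformed input."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not a binary OpenPGP packet (armored input?)")
        if hdr & 0x40:                           # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:                      # one-octet length
                n, i = first, i + 2
            elif first < 224:                    # two-octet length
                n, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:                   # five-octet length
                n, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body length in a key block")
        else:                                    # old-format header
            tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if size == 8:                        # length type 3
                raise ValueError("indeterminate length in a key block")
            n, i = int.from_bytes(data[i + 1:i + 1 + size], "big"), i + 1 + size
        if i + n > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + n]
        i += n

def non_revoked_keys(response):
    """Count key blocks that carry no key revocation signature."""
    revoked = []                                 # one flag per primary key
    for tag, body in packets(response):
        if tag == PUBKEY:                        # a new key block starts here
            revoked.append(False)
        elif tag == SIGNATURE and revoked and len(body) > 2:
            sigtype = body[2] if body[0] == 3 else body[1]   # v3 vs v4 layout
            if sigtype == KEY_REVOCATION:
                revoked[-1] = True
    return revoked.count(False)

def pkt(tag, body):                              # builds constructed packets
    return bytes([0xC0 | tag, len(body)]) + body # new format, body < 192 bytes

# Constructed sample: dummy packet bodies, not real key material.
OLD_KEY = pkt(6, b"\x04old") + pkt(2, b"\x04\x20\x01\x08") + pkt(13, b"a@example.org")
NEW_KEY = pkt(6, b"\x04new") + pkt(13, b"a@example.org") + pkt(2, b"\x04\x13\x01\x08")
print(non_revoked_keys(OLD_KEY + NEW_KEY))       # revoked key plus new key: 1
```

A result greater than 1 means the response holds several keys that are not marked revoked, which is the case the reading above treats as not permitted.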