Only one pubkey to be delivered by WKD (Re: Update keys.gnupg.net?)
Bernhard Reiter
bernhard at intevation.de
Wed Jul 28 15:58:23 CEST 2021
On Wednesday, 28 July 2021 12:28:08, Simon Josefsson via Gnupg-devel wrote:
> It seems like a
> neat thing to have all my keys in there, in case someone wants to verify
> old signatures. Is this forbidden? As far as I can tell from wks draft
> -12 it is permitted: 'Note that the key may be revoked or expired - it
> is up to the client to handle such conditions.'.
Yes, in my reading it is "forbidden" to have more than one non-revoked pubkey
in a WKD response.
Citing from
https://datatracker.ietf.org/doc/draft-koch-openpgp-webkey-service/12/
   The HTTP GET method MUST return the binary representation of the
   OpenPGP key for the given mail address.  The key needs to carry a
   User ID packet ([RFC4880]) with that mail address.  Note that the key
   may be revoked or expired - it is up to the client to handle such
   conditions.  To ease distribution of revoked keys, a server may
   return revoked keys in addition to a new key.  The keys are returned
   by a single request as concatenated key blocks.
It is singular "the key" and "in addition to a new key".
Additionally, as Werner wrote: it would defy the purpose otherwise. :)
Best Regards,
Bernhard
--
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing Directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
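
The rule discussed in this message (at most one non-revoked key among the concatenated key blocks of a WKD response), as an added example that is not part of the original mail or of GnuPG: a Python check that splits a binary response into key blocks by their RFC 4880 packet headers and counts the blocks without a key revocation signature. The names `packets`, `non_revoked_keys`, `pkt` and the sample keys are assumptions made for illustration; the check is structural only, so signatures are not verified and expiry is ignored.

```python
PUBKEY, SIGNATURE, KEY_REVOCATION = 6, 2, 0x20   # RFC 4880 tags / signature type

def packets(data):
    """Yield (tag, body) for each OpenPGP packet in binary (non-armored) data."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80 or i + 1 >= len(data):
            raise ValueError("bad or truncated packet header at offset %d" % i)
        if hdr & 0x40:                                  # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                low = int.from_bytes(data[i + 2:i + 3], "big")
                length, i = ((first - 192) << 8) + low + 192, i + 3
            elif first == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body length is not valid here")
        else:                                           # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
            if ltype == 3:
                raise ValueError("indeterminate length is not supported")
            n = 1 << ltype                              # 1, 2 or 4 length octets
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        if i + length > len(data):
            raise ValueError("truncated packet body")
        yield tag, data[i:i + length]
        i += length

def non_revoked_keys(data):
    """Count key blocks lacking a key revocation signature (0x20); nothing is verified."""
    revoked = []                                        # one flag per key block
    for tag, body in packets(data):
        if tag == PUBKEY:                               # a new key block starts here
            revoked.append(False)
        elif not revoked:
            raise ValueError("response does not start with a public-key packet")
        elif tag == SIGNATURE and len(body) > 2:
            sig_type = body[2] if body[0] == 3 else body[1]   # v3 vs v4 layout
            revoked[-1] = revoked[-1] or sig_type == KEY_REVOCATION
    return revoked.count(False)

# Constructed sample: dummy packet bodies; only headers and signature types matter.
def pkt(tag, body):
    return bytes([0xC0 | tag, len(body)]) + body
OLD_KEY = pkt(6, b"\x04old") + pkt(2, b"\x04\x20\x01") + pkt(13, b"<a@example.org>")
NEW_KEY = pkt(6, b"\x04new") + pkt(13, b"<a@example.org>") + pkt(2, b"\x04\x13\x01")
```

`non_revoked_keys(OLD_KEY + NEW_KEY)` is the "revoked key in addition to a new key" case from the draft; a result above 1 marks a response that, in the reading given above, should not be served.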