Including non-selfsigs in WKD?

Simon Josefsson simon at josefsson.org
Mon Jul 11 13:40:21 CEST 2022


Ingo Klöcker <kloecker at kde.org> writes:

> On Monday, 11 July 2022 12:29:44 CEST Simon Josefsson wrote:
>> Ingo Klöcker <kloecker at kde.org> writes:
>> > On Saturday, 9 July 2022 14:44:44 CEST Simon Josefsson via Gnupg-devel wrote:
>> >> Dashamir Hoxha via Gnupg-devel <gnupg-devel at lists.gnupg.org> writes:
>> >> > I agree that these things should be discussed and explained somewhere, in
>> >> > user guides, tutorials, etc. But maybe not in the spec. The spec does not
>> >> > even mention the command `gpg --export`, how can it describe and detail
>> >> > export options?
>> >> 
>> >> The spec can speak about what data should go into the file, that's the
>> >> point of a specification.  It shouldn't speak about
>> >> implementation-specific commands of course.  Right now it says any
>> >> OpenPGP public key for the particular user is valid, but I don't think
>> >> it says anything either way about which sub-packets of that public key
>> >> are permitted, encouraged or forbidden in the WKD published data.
>> > 
>> > The preferred way to "export" the key data to publish via WKD (not by the
>> > spec, but by WKD's inventor) is to use gpg-wks-client.
>> 
>> Does it export signatures of the key?
>
> From a quick glance at the code third-party signatures seem to be included in 
> the export.

Indeed, then this implementation is behaving like I would want it to,
and what is missing is guidance in the specification so that other
implementations will behave the same.

> And that makes sense because you probably want to publish your own
> cross-certifications when you do a key rollover.

It would be possible to separate third-party signatures from
cross-certifications, but I don't think that should be done.

/Simon
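
What "non-selfsigs" means at the packet level, as an added example that is not part of the original message or of GnuPG's code: it counts the signature packets in exported key data by whether the issuer subpacket names the primary key. It assumes v4 keys and signatures and does not verify any signature; `PUB`, `SIG` and `SAMPLE` are constructed, and all function names are hypothetical.

```python
import hashlib

def read_length(buf, i, two_end):  # 1-, 2- or 5-octet length -> (length, next index)
    if buf[i] < 192:
        return buf[i], i + 1
    if buf[i] < two_end:
        return ((buf[i] - 192) << 8) + buf[i + 1] + 192, i + 2
    if buf[i] == 255:
        return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5
    raise ValueError("partial body length not handled")

def packets(data):  # yield (tag, body) per OpenPGP packet (RFC 4880, section 4.2)
    i = 0
    while i < len(data):
        hdr = data[i]
        if hdr & 0x40:                        # new-format header
            tag, (n, i) = hdr & 0x3F, read_length(data, i + 1, 224)
        else:                                 # old-format; IndexError if indeterminate
            tag, w = (hdr >> 2) & 0x0F, (1, 2, 4)[hdr & 3]
            n, i = int.from_bytes(data[i + 1:i + 1 + w], "big"), i + 1 + w
        yield tag, data[i:i + n]
        i += n

def issuer(sig):  # key ID a v4 signature names as issuer (claimed, not verified)
    pos = 4                                   # version, type, pk algo, hash algo
    for _ in range(2):                        # hashed area, then unhashed area
        pos, end = pos + 2, pos + 2 + int.from_bytes(sig[pos:pos + 2], "big")
        while pos < end:
            n, pos = read_length(sig, pos, 255)   # n counts type octet + data
            kind, val, pos = sig[pos] & 0x7F, sig[pos + 1:pos + n], pos + n
            if kind in (16, 33):              # Issuer / Issuer Fingerprint (v4)
                return val[-8:]
    return None

def key_id(pub):  # v4 key ID: low 8 bytes of SHA-1(0x99, 2-byte length, body)
    return hashlib.sha1(b"\x99" + len(pub).to_bytes(2, "big") + pub).digest()[-8:]

def classify(keydata):  # count signature packets by issuer: primary key vs. other keys
    primary, counts = None, {"self": 0, "third-party": 0}
    for tag, body in packets(keydata):
        if tag == 6:                          # primary public key packet
            primary = key_id(body)
        elif tag == 2:                        # signature packet
            counts["self" if issuer(body) == primary else "third-party"] += 1
    return counts

PUB = bytes([4, 0, 0, 0, 1, 22]) + b"constructed key material"  # constructed, not a real key
SIG = bytes([0xC2, 20, 4, 0x10, 22, 10, 0, 0, 0, 10, 9, 16])    # constructed v4 sig up to Issuer
SAMPLE = (bytes([0x99, 0, len(PUB)]) + PUB + b"\xcd\x11alice@example.org" + SIG + key_id(PUB)
          + b"\0\0" + SIG + b"\x11" * 8 + b"\0\0" + SIG + b"\x22" * 8 + b"\0\0")
```

A rollover cross-certification made by the owner's old key names a different issuer, so this check counts it together with third-party signatures.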
