WKD: returns only one pubkey (and why)
bernhard at intevation.de
Thu Jan 26 11:04:32 CET 2023
On Thursday 26 January 2023 09:42:24 Werner Koch via Gnupg-devel wrote:
> > I just want to self-publish all trusted keys
> > for my email address and have a protocol to specify that people should
> Actually you can do this, but we don't have the tooling to upload such a
> key without manual intervention. Here is a test case:
> Then on the client you can test this:
> Both keys have been retrieved
For my understanding, this technical test case
tests something that is outside the specification of
(the current specification, as cited at the start of the discussion)
> (filtered to have only the requested user
> id) and the best matching key has been listed. With an implementation
> w/o support for ed25519 the RSA key would have been listed.
> So far with the theory and here comes the bug: There is no valid
> encryption subkey and thus --locate-external-key should indeed list the rsa
> key. See https://dev.gnupg.org/T6358 .
Looks like an example of how distributing two active keys via WKD
makes it more complicated to implement use case 1).
And for a rollover, just the new public key could be distributed,
so I'd say multiple pubkeys are not necessary for the rollover.
https://intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter
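As an added example (not code from this thread and not GnuPG's own implementation): a small Python script that derives the two WKD lookup URLs for a mail address, as specified in the WKD draft (SHA-1 of the lowercased local part, z-base-32 encoded, served under /.well-known/openpgpkey/), and then counts how many primary keys a WKD response actually carries, which is the check behind "both keys have been retrieved" above. The key material is constructed dummy OpenPGP packets (valid tag/length headers with filler bodies, no real key data), so it runs offline; the "Joe.Doe@Example.ORG" address is the worked example from the draft.

```python
"""WKD lookup URLs and a count of primary keys in a WKD response.

Added example, not code from GnuPG or the thread. The key blobs below are
constructed dummy packets (correct RFC 4880 headers, filler bodies).
"""
import hashlib
from urllib.parse import quote

ZB32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"
PUBLIC_KEY, SIGNATURE, USER_ID, PUBLIC_SUBKEY = 6, 2, 13, 14


def zbase32(data: bytes) -> str:
    """z-base-32 encode, taking 5-bit groups from the most significant end."""
    nbits = len(data) * 8
    total = -(-nbits // 5) * 5                # round up to a multiple of 5
    bits = int.from_bytes(data, "big") << (total - nbits)
    return "".join(ZB32_ALPHABET[(bits >> s) & 0x1F]
                   for s in range(total - 5, -1, -5))


def wkd_hash(email: str) -> str:
    """WKD: SHA-1 of the lowercased local part, z-base-32 encoded (32 chars)."""
    local = email.partition("@")[0]
    return zbase32(hashlib.sha1(local.lower().encode()).digest())


def wkd_urls(email: str) -> tuple[str, str]:
    """Return (advanced method URL, direct method URL) for an address."""
    local, _, domain = email.partition("@")
    domain = domain.lower()
    h, l = wkd_hash(email), quote(local, safe="")
    advanced = f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/hu/{h}?l={l}"
    direct = f"https://{domain}/.well-known/openpgpkey/hu/{h}?l={l}"
    return advanced, direct


def iter_packets(blob: bytes):
    """Yield (tag, body) for each OpenPGP packet (RFC 4880 section 4.2),
    handling old-format, new-format and partial body lengths."""
    i, n = 0, len(blob)
    while i < n:
        ctb = blob[i]
        i += 1
        if not ctb & 0x80:
            raise ValueError(f"bad packet header at offset {i - 1}")
        body = bytearray()
        if ctb & 0x40:                                  # new-format header
            tag = ctb & 0x3F
            while True:
                first = blob[i]
                i += 1
                partial = False
                if first < 192:
                    length = first
                elif first < 224:
                    length = ((first - 192) << 8) + blob[i] + 192
                    i += 1
                elif first == 255:
                    length = int.from_bytes(blob[i:i + 4], "big")
                    i += 4
                else:                                   # partial body length
                    length, partial = 1 << (first & 0x1F), True
                body += blob[i:i + length]
                i += length
                if not partial:
                    break
        else:                                           # old-format header
            tag = (ctb >> 2) & 0x0F
            ltype = ctb & 0x03
            if ltype == 3:                              # indeterminate: to end
                length = n - i
            else:
                size = (1, 2, 4)[ltype]
                length = int.from_bytes(blob[i:i + size], "big")
                i += size
            body += blob[i:i + length]
            i += length
        if i > n:
            raise ValueError("truncated packet")
        yield tag, bytes(body)


def key_summary(blob: bytes) -> list[dict]:
    """One dict per primary key: how many user IDs, subkeys and signatures follow it."""
    keys = []
    for tag, _ in iter_packets(blob):
        if tag == PUBLIC_KEY:
            keys.append({"uids": 0, "subkeys": 0, "sigs": 0})
        elif keys and tag == USER_ID:
            keys[-1]["uids"] += 1
        elif keys and tag == PUBLIC_SUBKEY:
            keys[-1]["subkeys"] += 1
        elif keys and tag == SIGNATURE:
            keys[-1]["sigs"] += 1
    return keys


def count_primary_keys(blob: bytes) -> int:
    return len(key_summary(blob))


def new_packet(tag: int, body: bytes) -> bytes:
    """Build a new-format packet (one-, two- or five-octet length) plus body."""
    if len(body) < 192:
        hdr = bytes([0xC0 | tag, len(body)])
    elif len(body) < 8384:
        l = len(body) - 192
        hdr = bytes([0xC0 | tag, 192 + (l >> 8), l & 0xFF])
    else:
        hdr = bytes([0xC0 | tag, 255]) + len(body).to_bytes(4, "big")
    return hdr + body


def fake_key(subkeys: int, uid: bytes) -> bytes:
    """Constructed dummy transferable public key: key, uid, sig, then subkey/sig pairs."""
    parts = [new_packet(PUBLIC_KEY, b"\x04" + b"\x00" * 60),
             new_packet(USER_ID, uid),
             new_packet(SIGNATURE, b"\x04" + b"\x00" * 300)]   # two-octet length
    for _ in range(subkeys):
        parts += [new_packet(PUBLIC_SUBKEY, b"\x04" + b"\x00" * 60),
                  new_packet(SIGNATURE, b"\x04" + b"\x00" * 40)]
    return b"".join(parts)


UID = b"Joe Doe <joe.doe@example.org>"
ONE_KEY = fake_key(1, UID)                 # what WKD is expected to serve
TWO_KEYS = ONE_KEY + fake_key(2, UID)      # the "two keys retrieved" case

if __name__ == "__main__":
    for url in wkd_urls("Joe.Doe@Example.ORG"):
        print(url)
    for name, blob in (("one-key response", ONE_KEY), ("two-key response", TWO_KEYS)):
        print(name, count_primary_keys(blob), key_summary(blob))
```

Feeding a real response through `key_summary` (for instance the output of `curl` on the printed URL, or of `gpg --export` on the keys the server is about to publish) tells you at a glance whether a WKD file contains one key, as the specification expects, or several; deciding which of several keys is the "best match" or whether a subkey is actually encryption-capable needs the signature subpackets, which this parser deliberately does not interpret.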