WKD was Remove public key from keyserver

Stefan Claas stefan.claas at posteo.de
Tue Jan 16 20:41:42 CET 2018

On Tue, 16 Jan 2018 19:51:17 +0100, Werner Koch wrote:

> We definitely want to refine some things there but that requires a
> wider deployment.

I will for sure follow the WKD development and hope that also more
mail providers will offer a WKD service.
> > i have with posteo's WKD implementation is that their policy is
> > pretty strict, which i personally don't like and i told them so. I
> > would like  
> Posteo does only allows the mail address (addr-spec) and no real name
> in the key for data protection reasons.  Thus a
>  $ wget -O- posteo.de/.well-known/openpgpkey/policy 2>/dev/null
>  # Policy for draft-koch-openpgp-webkey-service-04
>  mailbox-only
>  auth-submit
> shows this policy flag.  If you upload your key using a tool employing
> gpg-wks-client (e.g. Kmail or Enigmail) this policy will be detected
> and if a plain addr-spec only user0id does not exists a new user-id
> will be created and sent to posteo.
> The real problem with Posteo is that they use invalid certificates for
> all but the posteo.de domain.  Thus my posteo.net account does not
> work because they redirect to posteo.de but do not include posteo.net
> in the certificate for the initial access to posteo.net.  Bummer.

Thanks for the information, much appreciated!



More information about the Gnupg-users mailing list