WKD & Sequoia

Stefan Claas spam.trap.mailing.lists at gmail.com
Wed Jan 13 22:16:02 CET 2021

On Wed, Jan 13, 2021 at 10:00 PM Erich Eckner via Gnupg-users
<gnupg-users at gnupg.org> wrote:
> Hash: SHA256
> On Wed, 13 Jan 2021, Juergen Bruckner via Gnupg-users wrote:
> > Hello Stefan!
> Hi all,
> >
> >
> > [...]
> >> sequoia did the right step and I hope for people relying on GnuPG that
> >> it is possible for them in the future too.
> >
> > So did Sequoia do that?
> > You consider not to follow policies "the right step"?
> > Sorry, but you dont have a clue about security!
> >
> > The only right way is to follow policies word by word.
> That is certainly correct. But: WKD is "just" a draft, so it's open to
> suggestions for change. "Ignore invalid certificates of the advanced URL"
> is one suggestion.

Correct a suggestion and Neal for example discussed this with his
team in the past and they gave users, like me, the ability for a
working solution, without IMHO breaking the specs.

> In my view, this whole, lengthy thread boils down to the question, whether
> we want that or we don't want that.

Well, I see this a bit different. If it comes to discussions or votes
on this ML here or the IETF ML, than this is only a minority IMHO
and it can also been down voted etc.

As you said this is a draft It should formulated this way IMHO that it
allows the greatest flexibility in a protokoll, to fulfill all use cases,
when it comes to WKD. I also understand that WKD is Werner's baby
but when a draft or an RFC is present than it should be allowed to
have a healthy discussion.


More information about the Gnupg-users mailing list