WKD & Sequoia

André Colomb andre at colomb.de
Wed Jan 13 23:41:52 CET 2021

Am 13. Januar 2021 21:44:07 MEZ schrieb Stefan Claas via Gnupg-users <gnupg-users at gnupg.org>:
>Hi Juergen,
>looks like you are a bit upset, like probably others as well.

I hope others don't mind me speaking in their names. Stefan, we are upset by you making false accusations about which software does something right or wrong. Both softwares are reacting differently to an error which lies in your TLS certificate usage (as several people have proven multiple times). You're not even to blame for that root cause, because it is not under your control. Don't only look at the end result, but please try to understand that the cause lies deeper than just the spec or the clients you tried. 

>I am not aware how their network is set-up and it is not my business,
>but would you not agree that it would be very nice to have a wildcard
>subdomain solution, for all their inhouse offices and employees email
>addresses, while managing themselves key distribution?

It's a little unclear what *exactly* you mean with "a wildcard subdomain solution". WKD can work perfectly with wildcards involved, both on the DNS and TLS levels. But such things can be misconfigured and the spec even explicitly mentions one possible pitfall including a solution. 

Reactions to that kind of misconfiguration should also be standardized in the spec. That's all there is to criticize, IMHO.

Kind regards

From: André Colomb <andre at colomb.de>

More information about the Gnupg-users mailing list