WKD proper behavior on fetch error

Ángel angel at pgp.16bits.net
Sun Jan 17 19:27:05 CET 2021


On 2021-01-17 at 16:28 +0100, Stefan Claas wrote:
> Sorry, but simply said I discovered now that a second major and trusted
> contender, Mailvelope supported by BSI and audited, works also as
> sequoia-pgp does. Werner and his (shrinking in numbers) supporters
> should think now what to do, instead of defending something, that could
> be improved. Try to see it this way, it does not hurt, I promise! :-)
> 
> I will try to find the US competitor for Mailvelope and test this as
> well.

Looking at Mailvelope's DNS queries, it isn't even trying the advanced
method, so no wonder it doesn't fail on a bad certificate there.

Looking at the FlowCrypt code at
https://github.com/FlowCrypt/flowcrypt-browser/blob/master/extension/js/common/api/key-server/wkd.ts
they do support the advanced method, but on any failure fetching the
policy file they will check the direct method (this may be slightly
different from the condition under which sequoia falls back).

I feel there is a need for a proper WKD test suite (as well as
clarifying in the draft itself the things that are coming up).

Best regards
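
Added example (not part of the original message, and not code from any of the projects named): the WKD draft says to try the advanced method first and to fall back to the direct method only if the openpgpkey sub-domain does not exist. The sketch below builds both URLs and compares that rule with the two client behaviours described above. The policy names and outcome labels are hypothetical, and the address is the draft's sample.

```python
import hashlib
from urllib.parse import quote

ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"

def wkd_hash(local_part: str) -> str:
    """z-base-32 of SHA-1 over the lowercased local part (always 32 chars)."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    bits = int.from_bytes(digest, "big")  # 160 bits = 32 groups of 5 bits
    return "".join(ZBASE32[(bits >> s) & 31] for s in range(155, -1, -5))

def wkd_urls(address: str) -> dict:
    """Advanced and direct lookup URLs for one mail address."""
    local, _, domain = address.rpartition("@")
    domain = domain.lower()
    tail = f"hu/{wkd_hash(local)}?l={quote(local)}"
    return {
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/{tail}",
        "direct": f"https://{domain}/.well-known/openpgpkey/{tail}",
    }

# Which outcomes of the advanced attempt allow a fallback to the direct method.
# Labels are hypothetical; "any-failure" models the behaviour described for
# FlowCrypt, "draft" the rule in the WKD draft.
FALLBACK_ON = {
    "draft": {"nxdomain"},
    "any-failure": {"nxdomain", "tls_error", "http_error"},
}

def fetch_plan(address: str, policy: str, advanced_outcome: str) -> list:
    """Ordered list of URLs a client following `policy` would attempt."""
    urls = wkd_urls(address)
    if policy == "direct-only":  # behaviour described for Mailvelope
        return [urls["direct"]]
    plan = [urls["advanced"]]
    if advanced_outcome in FALLBACK_ON[policy]:
        plan.append(urls["direct"])
    return plan

if __name__ == "__main__":
    addr = "Joe.Doe@Example.ORG"  # sample address from the WKD draft
    for policy in ("draft", "any-failure", "direct-only"):
        for outcome in ("nxdomain", "tls_error", "http_error"):
            plan = fetch_plan(addr, policy, outcome)
            print(f"{policy:12} {outcome:10} -> {len(plan)} attempt(s), last: {plan[-1]}")
```

A test suite of the kind asked for above would run each client against a domain whose openpgpkey sub-domain resolves but serves a bad certificate, and check that no key is returned from the direct URL.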



