WKD proper behavior on fetch error

André Colomb andre at colomb.de
Sun Jan 17 21:17:53 CET 2021

Hi Stefan,

On 17/01/2021 19.41, Stefan Claas via Gnupg-users wrote:
> Please try to accept that GitHub (and maybe in the future others as well)
> has *no* bad certificate! The only thing which could be considered "bad"
> or at least sub-optimal for a global ML, like this one, Is the support in
> form of the GnuPGP ecosystem devs.

GitHub's web server, *in your specific use case* is sending a
certificate proving it is an apple when you're asking for it under the
name "orange".  That makes the certificate *invalid* for that connection
request as it could not be distinguished from a man in the middle attack
asking your browser to "Please try to accept that this apple is an orange".

Don't you find it strange that you are the only one still insisting that
it's valid when several very knowledgeable people have explained to you
in many different ways why it's simply not true?

And please tone down on the GnuPG criticism.  It's your right to dislike
the software or even Werner Koch personally.  But this is not the right
place for anti-publicity or constant personal stabs against people who
have patiently spent a lot of time to help and educate you.  Please try
to keep the discussion productive.

Kind regards

From: André Colomb <andre at colomb.de>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210117/e7e10bab/attachment.sig>

More information about the Gnupg-users mailing list