WKD proper behavior on fetch error

Juergen Bruckner juergen at bruckner.email
Sun Jan 17 22:13:23 CET 2021

Well Stefan,

On 17.01.21 at 21:44, Stefan Claas wrote:
> On Sun, Jan 17, 2021 at 9:40 PM Juergen Bruckner via Gnupg-users
> <gnupg-users at gnupg.org> wrote:
>> I can only agree with Andre's words.
> Perfectly fine for me if you take this route.
>> And as far as Sequoia is concerned, Stefan's explanations only confirmed
>> that this is software that I definitely don't want to use.
> You don't have to, because we live in a free world.
Yes we live in a free world, and you shouldn't forget this!

>> Software that accepts an invalid digital certificate as correct, has no
>> place in an environment where security and confidentiality are concerned.
>> This is an  a b s o l u t e  NO-GO.
> You are talking nonsense while not knowing!
Thank you very much! I'll take that as a compliment!

>> GnuPG doesn't have to change anything here.
>> The change MUST be made at Sequoia, preferably yesterday!
> Utter nonsense, IMHO. sequoia-pgp, Mailvelope (supported by BSI
> and *audited*) and flowcrypt do all work with github.io pages! And you
> were not able to reply to me here if your WKD set-up for dummies worked
> for you. So much for that part...

That something, or a piece of software, is supported by BSI and/or audited *does
not* say it is free of bugs or failures.

Your showcase with github.io also says nothing else than that Sequoia 
considers an invalid certificate to be correct. That this happens in 
audited software says just as much about the value of the audit.

And it's not 'my' setup for dummies, it was a general question because 
most of the explanations are very specific and can pose major problems 
for a 'beginner'.

I have been using WKD successfully in different versions for a long 
time. The only thing that was new for me in this context is the 
possibility of implementing WKD via the openpgp server using a CNAME entry.

/¯\   No  |
\ /  HTML |    Juergen Bruckner
  X    in  |    juergen at bruckner.email
/ \  Mail |
