WKD proper behavior on fetch error

Juergen Bruckner juergen at bruckner.email
Mon Jan 18 12:33:07 CET 2021

Hello Andrew,

Am 18.01.21 um 12:17 schrieb Andrew Gallagher via Gnupg-users:
> On 18/01/2021 11:07, Juergen Bruckner via Gnupg-users wrote:
>> Sequoia accepts an *invalid* certificate for the host 
>> 'foo.abc.github.io' and that is "failure by design".
> This is incorrect. Sequoia *does not* accept this invalid certificate. 
> Sequoia and gnupg only differ in their fallback behaviour after the 
> certificate has been correctly rejected.
Yes I do understand that behavior, but that wasnt explained that way by 

And I have understood it so far that Stefan claims Sequoia recognizes 
this certificate as valid and therefore continues to work.

To my understanding, Stefen has not yet spoken of a "fallback".

He actually went so far, to urge Werner in a more than rude way to add 
this (wrong) behavior into GnuPG.

For me personally, this is still a major obstacle to using Sequoia 
productively or to recommend it to our customers. I still regard this 
behavior as a gross error that needs to be fixed.

Best regards from Austria

/¯\   No  |
\ /  HTML |    Juergen Bruckner
  X    in  |    juergen at bruckner.email
/ \  Mail |

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3894 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210118/b9150989/attachment.bin>

More information about the Gnupg-users mailing list