WKD proper behavior on fetch error

raf gnupg at raf.org
Tue Jan 19 00:11:58 CET 2021

On Mon, Jan 18, 2021 at 01:42:52PM +0100, André Colomb <andre at colomb.de> wrote:

> We need to remember that WKD is only a convenience mechanism for
> discovery, not any kind of authentication.
And it's discovery that begins with an email address. I
still can't work out what functionality WKD provides in
a situation that isn't email-related.

If you have a non-email-related use case for obtaining
a key, why use a non-functioning email address
lookalike as a label for the key, and then require the
user to use WKD client software to obtain the key, when
you could even more easily just give the user a URL
which can act as the label for the key, and the user
could then use any simple HTTP client to obtain the key.

In other words, when there is no email address, there
is no link between an email address's domain and a
website with the same domain (and a presumed connection
between the administration of the email and web
services for that domain), what functionality does WKD
actually provide?

It's the existence of a working email address that the
user already possesses, in combination with the
presumed link between the administration of a mail
service and a web service, that makes WKD able to
provide discovery that is automatic and reliable.
Without all of the above, there is no discovery,
reliable or otherwise, and it's not automatic,
because the user has to obtain the label first.

If you have to give the user a special new label that
they don't already possess (because it isn't a natural
email address), why can't that label be a URL instead?
Why do they need special WKD software when they could
use any HTTP client? What does the user gain from it?
What does the key owner gain from it?

Forgive me if I'm being ignorant and unimaginative, and
perhaps I should just stop trying to understand, but it
looks to me like a case of finding a hammer, and things
starting to look more and more nail-like.

There should be some benefit to be had from the
additional complexity of using WKD in the absence of
email, but I can't see what it is, and it hasn't been
explained (unless I missed that).


