Please tackle the Right Thing
Werner Koch
wk at gnupg.org
Wed Jan 20 13:51:26 CET 2021
On Tue, 19 Jan 2021 16:31, Stefan Claas said:
> there exists also a direct-method in you current draft, which people like
> to use, when low on budged or which like to avoid, for whatever privacy
If you do some research on the infrastructure of large providers (which
includes talking to them) you may learn that there might be an
example.com
address which is not under the control of the example company.
However, SRV records and sub-domains are under their control. Thus not
allowing the direct method if there is a sub-domain or SRV record is
important.
> Please try also to not use the term invald cert, if a cert is valid and only
> is 'invalid' in the current way of how GnuPG and gpg4win handles your
An X.509 certifiate used for TLS conenctions in the web must carry the
server name. If it does not it is invalid.
> WKD implementation. People know now that other OpenPGP apps can
> handle my github.io key, from my GitHUb page.
Broken implementations are not a reason to break correct
implementations.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210120/5a5c8033/attachment.sig>
More information about the Gnupg-users
mailing list