Please tackle the Right Thing

Werner Koch wk at
Wed Jan 20 13:51:26 CET 2021

On Tue, 19 Jan 2021 16:31, Stefan Claas said:

> there exists also a direct-method in you current draft, which people like
> to use, when low on budged or which like to avoid, for whatever privacy

If you do some research on the infrastructure of large providers (which
includes talking to them) you may learn that there might be an

address which is not under the control of the example company.
However, SRV records and sub-domains are under their control.  Thus not
allowing the direct method if there is a sub-domain or SRV record is

> Please try also to not use the term invald cert, if a cert is valid and only
> is 'invalid' in the current way of how GnuPG and gpg4win handles your

An X.509 certifiate used for TLS conenctions in the web must carry the
server name.  If it does not it is invalid.

> WKD implementation. People know now that other OpenPGP apps can
> handle my key, from my GitHUb page.

Broken implementations are not a reason to break correct



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <>

More information about the Gnupg-users mailing list