[mailop] OpenPGP WKD URL

Vincent Breitmoser look at my.amazin.horse
Tue Feb 11 17:44:49 CET 2025


Hey Werner, list,

On 11.02.25 17:17, Werner Koch wrote:
>> It's of course a matter of trust. But for a fair amount of people, it
>> seems to be a reasonable tradeoff.
> 
> [ This also works around the trust model of WKD which claims that you are
>    the owner of your domain.]

I'm not sure I follow. If I point my MX to my email provider, it's the
same thing, isn't it: delegating a specific service associated to the
domain I own to a service provider? It's pretty nice even in terms of
trust if email and WKD are served by independent entities, so the email
provider can't MitM you if they also manage WKD.

I know Proton had plans to offer WKDaaS for their users as well. But 
turns out managing a large amount of certificates is quite the 
engineering challenge, so I guess they never finished it.

> The openpgpkey prefix thingy was only introduced to work around the
> t-online.de/Stroehr website and DNS responsibility mess.  I wished I
> never had introduced that - in particular because t-online then never
> introduced WKD.

Yeah. Bummer it didn't work out with them, but I wager they're not the 
only ones with this management problem. Placing content directly on the 
main domain is certainly much more difficult in terms of processes and 
ownership than adding a specialized subdomain.

  - V
