Members

  • This project does not have any members.

Watchers

  • This project does not have any watchers.

Details

Description

Web Key Directory related

Recent Activity

Thu, Nov 7

ringelkrat added a comment to T4726: auto-key-locate only works with raw e-mail addresses (not angle-brackets).
-r  STRING

does a remote key lookup only if STRING is a valid addr-spec. No extraction of the addr-spec from STRING is done and thus angle brackets inhibit the use of a remote lookup.

Thu, Nov 7, 4:51 PM · gnupg (gpg22), wkd, Bug Report
werner added a comment to T4726: auto-key-locate only works with raw e-mail addresses (not angle-brackets).

does a remote key lookup only if STRING is a valid addr-spec. No extraction of the addr-spec from STRING is done and thus angle brackets inhibit the use of a remote lookup. This was implemented in this way to be as much as possible backward compatible.

Thu, Nov 7, 4:02 PM · gnupg (gpg22), wkd, Bug Report

Mon, Oct 28

dkg created T4732: X.509 cert for openpgpkey.gnupg.org is expired.
Mon, Oct 28, 11:36 PM · gpgweb, Bug Report

Thu, Oct 24

dkg added a comment to T4726: auto-key-locate only works with raw e-mail addresses (not angle-brackets).

@werner, you seem to be saying that -r does not imply "key lookups on remote services". Is that correct?

Thu, Oct 24, 8:42 PM · gnupg (gpg22), wkd, Bug Report

Wed, Oct 23

ringelkrat added a comment to T4726: auto-key-locate only works with raw e-mail addresses (not angle-brackets).

This is a misunderstanding. The extraction of mail addresses is only doe for key lookups on remote services. Thus the -r case is as intended.

Wed, Oct 23, 1:26 PM · gnupg (gpg22), wkd, Bug Report
werner added a comment to T4726: auto-key-locate only works with raw e-mail addresses (not angle-brackets).

This is a misunderstanding. The extraction of mail addresses is only doe for key lookups on remote services. Thus the -r case is as intended.

Wed, Oct 23, 11:35 AM · gnupg (gpg22), wkd, Bug Report
ringelkrat added a comment to T4726: auto-key-locate only works with raw e-mail addresses (not angle-brackets).

Is this task maybe related to T1927?

Wed, Oct 23, 8:07 AM · gnupg (gpg22), wkd, Bug Report
ringelkrat updated subscribers of T4726: auto-key-locate only works with raw e-mail addresses (not angle-brackets).

Thank you @dkg for creating the bug report! I would like to glean the following information from the above mentioned discussion.

Wed, Oct 23, 8:00 AM · gnupg (gpg22), wkd, Bug Report
dkg created T4726: auto-key-locate only works with raw e-mail addresses (not angle-brackets).
Wed, Oct 23, 3:24 AM · gnupg (gpg22), wkd, Bug Report

Sep 2 2019

werner claimed T4679: WKD spec should document exactly when a client should fall back from "advanced" to "direct" URL.
Sep 2 2019, 2:59 PM · Documentation, wkd

Aug 21 2019

dkg added a comment to T4679: WKD spec should document exactly when a client should fall back from "advanced" to "direct" URL.

This was also raised for (hopefully) wider discussion on the IETF mailing list.

Aug 21 2019, 8:32 PM · Documentation, wkd

Aug 20 2019

dkg created T4679: WKD spec should document exactly when a client should fall back from "advanced" to "direct" URL.
Aug 20 2019, 10:59 PM · Documentation, wkd

Jul 5 2019

werner closed T4595: GPG: auto-key-retrieve should prefer WKD over Keyserver as Resolved.

Done for master and 2.2.

Jul 5 2019, 10:49 AM · gnupg (gpg22), wkd
werner added a commit to T4595: GPG: auto-key-retrieve should prefer WKD over Keyserver: rG3242837d203a: gpg: With --auto-key-retrieve prefer WKD over keyservers..
Jul 5 2019, 10:44 AM · gnupg (gpg22), wkd
werner added a commit to T4595: GPG: auto-key-retrieve should prefer WKD over Keyserver: rG96bf8f477805: gpg: With --auto-key-retrieve prefer WKD over keyservers..
Jul 5 2019, 10:33 AM · gnupg (gpg22), wkd
werner triaged T4613: document implementation guidance for WKD clients in draft-koch-openpgp-webkey-service as Normal priority.
Jul 5 2019, 7:32 AM · Documentation, wkd

Jul 4 2019

dkg created T4613: document implementation guidance for WKD clients in draft-koch-openpgp-webkey-service.
Jul 4 2019, 11:04 PM · Documentation, wkd
werner closed T4603: dirmngr WKD redirection changes paths as Resolved.

Fix will be in 2.2.17

Jul 4 2019, 4:26 PM · gnupg (gpg22), wkd, dirmngr, Bug Report

Jul 3 2019

wiktor-k added a comment to T4595: GPG: auto-key-retrieve should prefer WKD over Keyserver.

@dkg I believe @aheinecke gave the GpgOL description just as an example of why WKD-first retrieval would be beneficial (for details of that see https://wiki.gnupg.org/AutomatedEncryption#Trust_Levels) and I believe this ticket is a follow-up to my question on gnupg-devel ML: https://lists.gnupg.org/pipermail/gnupg-devel/2019-June/034372.html

Jul 3 2019, 7:26 PM · gnupg (gpg22), wkd
dkg added a comment to T4595: GPG: auto-key-retrieve should prefer WKD over Keyserver.

auto-key-retrieve happens in the context of signature verification when the certificate is missing. If no signer User ID subpacket is present in the signature, then WKD simply won't work.

Jul 3 2019, 7:11 PM · gnupg (gpg22), wkd
werner moved T4595: GPG: auto-key-retrieve should prefer WKD over Keyserver from Backlog to For next release on the gnupg (gpg22) board.
Jul 3 2019, 6:14 PM · gnupg (gpg22), wkd
werner edited projects for T4595: GPG: auto-key-retrieve should prefer WKD over Keyserver, added: gnupg (gpg22); removed gnupg.
Jul 3 2019, 6:12 PM · gnupg (gpg22), wkd
werner added a parent task for T4595: GPG: auto-key-retrieve should prefer WKD over Keyserver: T4606: Release GnuPG 2.2.17.
Jul 3 2019, 6:11 PM · gnupg (gpg22), wkd
werner added a parent task for T4603: dirmngr WKD redirection changes paths: T4606: Release GnuPG 2.2.17.
Jul 3 2019, 6:11 PM · gnupg (gpg22), wkd, dirmngr, Bug Report
werner moved T4603: dirmngr WKD redirection changes paths from Backlog to For next release on the gnupg (gpg22) board.
Jul 3 2019, 6:01 PM · gnupg (gpg22), wkd, dirmngr, Bug Report
werner triaged T4603: dirmngr WKD redirection changes paths as Normal priority.
Jul 3 2019, 4:25 PM · gnupg (gpg22), wkd, dirmngr, Bug Report
werner changed the status of T4603: dirmngr WKD redirection changes paths from Open to Testing.

I did some manual tests using netcat and KS_FETCH to test the redirection.

Jul 3 2019, 4:24 PM · gnupg (gpg22), wkd, dirmngr, Bug Report
werner added a commit to T4603: dirmngr WKD redirection changes paths: rGc9b133a54e93: dirmngr: Do not rewrite the redirection for the "openpgpkey" subdomain..
Jul 3 2019, 4:22 PM · gnupg (gpg22), wkd, dirmngr, Bug Report
werner added a commit to T4603: dirmngr WKD redirection changes paths: rG37f0c55c7be3: dirmngr: Do not rewrite the redirection for the "openpgpkey" subdomain..
Jul 3 2019, 4:20 PM · gnupg (gpg22), wkd, dirmngr, Bug Report
dkg added a comment to T4603: dirmngr WKD redirection changes paths.

I think you're suggesting accepting *any* path if the hostname of the proposed redirection matches openpgpkey.example.org when querying the WKD direct URL for an @example.org address. That would also be a fine solution from my point of view.

Jul 3 2019, 4:13 PM · gnupg (gpg22), wkd, dirmngr, Bug Report
werner added a comment to T4603: dirmngr WKD redirection changes paths.

I head the same idea when I read your configuration. Given that the advanced lookup was not reallydeployed (see T4590) I also expect that we will receive complains now that it works. Thus white listing any "openpgpkey." seems to me a reasonable easy solution.

Jul 3 2019, 3:52 PM · gnupg (gpg22), wkd, dirmngr, Bug Report
werner closed T4590: dirmngr does not perform WKD advanced lookup as Resolved.

Will be in 2.2.17

Jul 3 2019, 3:46 PM · gnupg (gpg22), wkd, dirmngr, Bug Report
werner added a comment to T4590: dirmngr does not perform WKD advanced lookup.

Oh dear, that happens if one is always on master. I simply forgot to cherry pick the change from master back in November.
Two commits, though.

Jul 3 2019, 3:45 PM · gnupg (gpg22), wkd, dirmngr, Bug Report
werner added a commit to T4590: dirmngr does not perform WKD advanced lookup: rG2c6d94702a67: dirmngr: Fix previous commit.
Jul 3 2019, 3:43 PM · gnupg (gpg22), wkd, dirmngr, Bug Report
dkg added a comment to T4603: dirmngr WKD redirection changes paths.

@werner, thanks for the pointer to the report, that's certainly useful. And i'm happy that organizations like SektionEins are doing GnuPG audits and publishing their results regardless of who paid for them.

Jul 3 2019, 2:48 PM · gnupg (gpg22), wkd, dirmngr, Bug Report
werner added a comment to T4603: dirmngr WKD redirection changes paths.

See https://sektioneins.de/en/blog/18-11-23-gnupg-wkd.html for details. In short they fear that companies using IP based security for internal services can be attacked via redirect request and in particular becuase that can happen in the background without the user noticing. I am not concerned but we had long lasting discussions also with protonmail about this and the result was that we need to have this protection. We do not know who requested and paid for the audit from SektionEins and they won't tell us.

Jul 3 2019, 9:44 AM · gnupg (gpg22), wkd, dirmngr, Bug Report

Jul 2 2019

dkg added a comment to T4603: dirmngr WKD redirection changes paths.

Thanks for the pointer, @werner. Certainly we want T4590 fixed.

Jul 2 2019, 5:37 PM · gnupg (gpg22), wkd, dirmngr, Bug Report
werner added a comment to T4603: dirmngr WKD redirection changes paths.

We need to rewrite the Location to avoid a CSRF attack. See fa1b1eaa4241ff3f0634c8bdf8591cbc7c464144

Jul 2 2019, 4:18 PM · gnupg (gpg22), wkd, dirmngr, Bug Report
dkg updated the task description for T4603: dirmngr WKD redirection changes paths.
Jul 2 2019, 3:44 PM · gnupg (gpg22), wkd, dirmngr, Bug Report
dkg created T4603: dirmngr WKD redirection changes paths.
Jul 2 2019, 3:43 PM · gnupg (gpg22), wkd, dirmngr, Bug Report

Jul 1 2019

aheinecke created T4595: GPG: auto-key-retrieve should prefer WKD over Keyserver.
Jul 1 2019, 9:13 AM · gnupg (gpg22), wkd

Jun 28 2019

dkg added a comment to T4590: dirmngr does not perform WKD advanced lookup.

I recognize that adding network activity to the test suite can be complicated (not all test suites are run with functional network access), but if it is possible to have a unit test or something (that doesn't do network access, but just looks at what the dirmngr *would* have tried somehow?), that would be great. Thanks for looking into this!

Jun 28 2019, 2:39 PM · gnupg (gpg22), wkd, dirmngr, Bug Report
werner triaged T4590: dirmngr does not perform WKD advanced lookup as High priority.

Confirmed; that looks like a regression.

Jun 28 2019, 12:09 PM · gnupg (gpg22), wkd, dirmngr, Bug Report
dkg created T4590: dirmngr does not perform WKD advanced lookup.
Jun 28 2019, 6:29 AM · gnupg (gpg22), wkd, dirmngr, Bug Report

Apr 1 2019

werner closed T4268: Provide a method to build a simple WKD server filestructure on Windows as Resolved.
Apr 1 2019, 10:58 AM · wkd, Windows

Mar 21 2019

werner added a parent task for T4344: Periodic check of own keys with the WKD: T4417: Work needed for gnupg 2.3.
Mar 21 2019, 1:09 PM · wkd, gnupg, Feature Request

Jan 25 2019

werner created T4344: Periodic check of own keys with the WKD.
Jan 25 2019, 4:05 PM · wkd, gnupg, Feature Request

Dec 5 2018

aheinecke changed the status of T4268: Provide a method to build a simple WKD server filestructure on Windows from Open to Testing.

Sounds good! I give it to me for testing / documenting this.

Dec 5 2018, 12:00 PM · wkd, Windows

Dec 4 2018

werner added a comment to T4268: Provide a method to build a simple WKD server filestructure on Windows.

With master we can now do:

Dec 4 2018, 4:36 PM · wkd, Windows

Nov 28 2018

aheinecke added a comment to T4268: Provide a method to build a simple WKD server filestructure on Windows.

@werner Be my guest.

Nov 28 2018, 9:22 AM · wkd, Windows