Members

  • This project does not have any members.

Watchers

  • This project does not have any watchers.

Details

Description

Web Key Directory related

Recent Activity

Fri, Jan 15

dkg updated the task description for T4679: WKD spec should document exactly when a client should fall back from "advanced" to "direct" URL.
Fri, Jan 15, 10:50 PM · Documentation, wkd
dkg added a comment to T4679: WKD spec should document exactly when a client should fall back from "advanced" to "direct" URL.

This ambiguity appears to be the cause of a recent epic (and to me, largely incomprehensible) thread on gnupg-users. It would be great to have the WKD guidance about fallback strategy be much more explicit. Any room for ambiguity here leads to different outcomes from different WKD clients, and quite a bit of confused discussion by their users.

Fri, Jan 15, 10:38 PM · Documentation, wkd

Thu, Dec 31

Rombobeorn added a comment to T5214: gpg-wks-client generates Web Key Directory with bad permissions..

For directories this can't be done because not only the server reads the directories but also other deployment tools (e.g. rsync).

Thu, Dec 31, 10:19 AM · wkd, Bug Report

Wed, Dec 30

werner triaged T5214: gpg-wks-client generates Web Key Directory with bad permissions. as Low priority.
Wed, Dec 30, 3:07 PM · wkd, Bug Report
werner changed the status of T5214: gpg-wks-client generates Web Key Directory with bad permissions. from Open to Testing.
Wed, Dec 30, 3:07 PM · wkd, Bug Report
werner added a commit to T5214: gpg-wks-client generates Web Key Directory with bad permissions.: rGfdc54850263b: wkd: Minor permission fix for created files..
Wed, Dec 30, 3:07 PM · wkd, Bug Report
werner added a commit to T5214: gpg-wks-client generates Web Key Directory with bad permissions.: rGc008e8d20e12: wkd: Minor permission fix for created files..
Wed, Dec 30, 3:06 PM · wkd, Bug Report
werner added a project to T5214: gpg-wks-client generates Web Key Directory with bad permissions.: wkd.
Wed, Dec 30, 3:04 PM · wkd, Bug Report

Dec 11 2020

TaaviE added a comment to T5177: GPG WKD lookup does not send correct SNI.

The specs might just want to say that it just expects the wildcard to be broken, not that it expects an empty record.

Dec 11 2020, 10:49 AM · FAQ, wkd
werner added a comment to T5177: GPG WKD lookup does not send correct SNI.

Than put something into the TXT - it does not matter and is only used to break the wildcard.

Dec 11 2020, 10:41 AM · FAQ, wkd

Dec 10 2020

TaaviE added a comment to T5177: GPG WKD lookup does not send correct SNI.

Cloudflare doesn't seem to allow empty DNS TXT records...

Dec 10 2020, 4:30 PM · FAQ, wkd
werner closed T5177: GPG WKD lookup does not send correct SNI as Resolved.

From the specs:

Dec 10 2020, 4:28 PM · FAQ, wkd
TaaviE added a comment to T5177: GPG WKD lookup does not send correct SNI.

There's a wildcard CNAME, it's not _really_ configured. It's not a good assumption that a CNAME == configured and it doesn't have a reasonable fallback, IMHO.

Dec 10 2020, 3:00 PM · FAQ, wkd
werner added a comment to T5177: GPG WKD lookup does not send correct SNI.

If you configure the subdomain in the DNS this will be used. Thus get a cert for it. The old method should not be used and thus if the openpgpkey subdomain exists gpg concludes that the admin is aware of the new scheme.

Dec 10 2020, 2:48 PM · FAQ, wkd
TaaviE added a comment to T5177: GPG WKD lookup does not send correct SNI.

Hm, I don't want to remove the CNAME just so that GPG WKD would work, is there a way to fix this? Is there a good reason why after "Advanced"/subdomain lookup it doesn't try "direct"?

Dec 10 2020, 12:22 PM · FAQ, wkd
TaaviE added a comment to T5177: GPG WKD lookup does not send correct SNI.

Oh, it's using the openpgpkey subdomain because of the CNAME but that's not actually being served by the server.

Dec 10 2020, 11:51 AM · FAQ, wkd
werner edited projects for T5177: GPG WKD lookup does not send correct SNI, added: Support, wkd; removed Bug Report.
Dec 10 2020, 11:39 AM · FAQ, wkd

Aug 7 2020

aheinecke closed T4839: GpgOL: WKS Confirmation mail is not handled correctly as Resolved.
Aug 7 2020, 10:47 AM · gpg4win, wkd, gpgol

Apr 9 2020

aisha added a comment to T4886: gpg-wks-server fails on openbsd, because sendmail is in /usr/sbin, not /usr/lib.

thanks a lot dkg and werner :)

Apr 9 2020, 6:14 PM · wkd, gnupg (gpg22), Bug Report

Mar 30 2020

dkg added a comment to T4886: gpg-wks-server fails on openbsd, because sendmail is in /usr/sbin, not /usr/lib.

thanks!

Mar 30 2020, 8:32 PM · wkd, gnupg (gpg22), Bug Report
werner closed T4886: gpg-wks-server fails on openbsd, because sendmail is in /usr/sbin, not /usr/lib as Resolved.

Done; will go into 2.2.21 (T4897).

Mar 30 2020, 5:42 PM · wkd, gnupg (gpg22), Bug Report
werner added a commit to T4886: gpg-wks-server fails on openbsd, because sendmail is in /usr/sbin, not /usr/lib: rG76d2a02dfe8f: wks: Take name of sendmail from configure..
Mar 30 2020, 5:41 PM · wkd, gnupg (gpg22), Bug Report

Mar 23 2020

dkg created T4886: gpg-wks-server fails on openbsd, because sendmail is in /usr/sbin, not /usr/lib.
Mar 23 2020, 4:13 PM · wkd, gnupg (gpg22), Bug Report

Feb 6 2020

aheinecke added a commit to T4839: GpgOL: WKS Confirmation mail is not handled correctly: rOae06defe99fc: Rebuild WKS Confirmation mail to pass it to gpg.
Feb 6 2020, 5:17 PM · gpg4win, wkd, gpgol
aheinecke added a commit to T4839: GpgOL: WKS Confirmation mail is not handled correctly: rOdaf4713a0d16: Fix detection of WKS Confirmation mails.
Feb 6 2020, 5:17 PM · gpg4win, wkd, gpgol

Feb 5 2020

aheinecke created T4839: GpgOL: WKS Confirmation mail is not handled correctly.
Feb 5 2020, 11:16 AM · gpg4win, wkd, gpgol

Jan 14 2020

ringelkrat added a comment to T4726: auto-key-locate only works with raw e-mail addresses (not angle-brackets).

Thank you for resolving this issue! I am successfully using version 2.2.19 from the gnupg (2.2.19-1~bpo10+1) package of Debian Backports.

Jan 14 2020, 11:47 AM · gnupg (gpg22), wkd, Bug Report

Dec 17 2019

aheinecke created T4778: GpgOL: Initial WKD lookup slow.
Dec 17 2019, 10:21 AM · gpgol, wkd

Dec 4 2019

werner closed T4726: auto-key-locate only works with raw e-mail addresses (not angle-brackets) as Resolved.

Fixed for 2.2.19 and master

Dec 4 2019, 4:28 PM · gnupg (gpg22), wkd, Bug Report
werner added a commit to T4726: auto-key-locate only works with raw e-mail addresses (not angle-brackets): rG78bb81e9deec: gpg: Use AKL for angle bracketed mail address with -r..
Dec 4 2019, 4:21 PM · gnupg (gpg22), wkd, Bug Report
werner added a commit to T4726: auto-key-locate only works with raw e-mail addresses (not angle-brackets): rG1abb39fdaf44: gpg: Use AKL for angle bracketed mail address with -r..
Dec 4 2019, 2:42 PM · gnupg (gpg22), wkd, Bug Report

Nov 23 2019

werner moved T4726: auto-key-locate only works with raw e-mail addresses (not angle-brackets) from Backlog to For next release on the gnupg (gpg22) board.
Nov 23 2019, 8:24 PM · gnupg (gpg22), wkd, Bug Report
ringelkrat added a comment to T4726: auto-key-locate only works with raw e-mail addresses (not angle-brackets).

Given that the the angle brackets are elsewhere used to indicate a search by mail address, it would be okay to allow for them in this case too (that is dkg's second example).
[...]
To answer your question: With the exception of case two this is desired behaviour also in the future,

Nov 23 2019, 6:53 PM · gnupg (gpg22), wkd, Bug Report

Nov 16 2019

werner triaged T4726: auto-key-locate only works with raw e-mail addresses (not angle-brackets) as Normal priority.
Nov 16 2019, 10:18 AM · gnupg (gpg22), wkd, Bug Report
werner added a comment to T4726: auto-key-locate only works with raw e-mail addresses (not angle-brackets).

Given that the the angle brackets are elsewhere used to indicate a search by mail address, it would be okay to allow for them in this case too (that is dkg's second example). The risk of a regression in that case is pretty low.

Nov 16 2019, 10:18 AM · gnupg (gpg22), wkd, Bug Report

Nov 7 2019

ringelkrat added a comment to T4726: auto-key-locate only works with raw e-mail addresses (not angle-brackets).
-r  STRING

does a remote key lookup only if STRING is a valid addr-spec. No extraction of the addr-spec from STRING is done and thus angle brackets inhibit the use of a remote lookup.

Nov 7 2019, 4:51 PM · gnupg (gpg22), wkd, Bug Report
werner added a comment to T4726: auto-key-locate only works with raw e-mail addresses (not angle-brackets).

does a remote key lookup only if STRING is a valid addr-spec. No extraction of the addr-spec from STRING is done and thus angle brackets inhibit the use of a remote lookup. This was implemented in this way to be as much as possible backward compatible.

Nov 7 2019, 4:02 PM · gnupg (gpg22), wkd, Bug Report

Oct 28 2019

dkg created T4732: X.509 cert for openpgpkey.gnupg.org is expired.
Oct 28 2019, 11:36 PM · gpgweb, Bug Report

Oct 24 2019

dkg added a comment to T4726: auto-key-locate only works with raw e-mail addresses (not angle-brackets).

@werner, you seem to be saying that -r does not imply "key lookups on remote services". Is that correct?

Oct 24 2019, 8:42 PM · gnupg (gpg22), wkd, Bug Report

Oct 23 2019

ringelkrat added a comment to T4726: auto-key-locate only works with raw e-mail addresses (not angle-brackets).

This is a misunderstanding. The extraction of mail addresses is only doe for key lookups on remote services. Thus the -r case is as intended.

Oct 23 2019, 1:26 PM · gnupg (gpg22), wkd, Bug Report
werner added a comment to T4726: auto-key-locate only works with raw e-mail addresses (not angle-brackets).

This is a misunderstanding. The extraction of mail addresses is only doe for key lookups on remote services. Thus the -r case is as intended.

Oct 23 2019, 11:35 AM · gnupg (gpg22), wkd, Bug Report
ringelkrat added a comment to T4726: auto-key-locate only works with raw e-mail addresses (not angle-brackets).

Is this task maybe related to T1927?

Oct 23 2019, 8:07 AM · gnupg (gpg22), wkd, Bug Report
ringelkrat updated subscribers of T4726: auto-key-locate only works with raw e-mail addresses (not angle-brackets).

Thank you @dkg for creating the bug report! I would like to glean the following information from the above mentioned discussion.

Oct 23 2019, 8:00 AM · gnupg (gpg22), wkd, Bug Report
dkg created T4726: auto-key-locate only works with raw e-mail addresses (not angle-brackets).
Oct 23 2019, 3:24 AM · gnupg (gpg22), wkd, Bug Report

Sep 2 2019

werner claimed T4679: WKD spec should document exactly when a client should fall back from "advanced" to "direct" URL.
Sep 2 2019, 2:59 PM · Documentation, wkd

Aug 21 2019

dkg added a comment to T4679: WKD spec should document exactly when a client should fall back from "advanced" to "direct" URL.

This was also raised for (hopefully) wider discussion on the IETF mailing list.

Aug 21 2019, 8:32 PM · Documentation, wkd

Aug 20 2019

dkg created T4679: WKD spec should document exactly when a client should fall back from "advanced" to "direct" URL.
Aug 20 2019, 10:59 PM · Documentation, wkd

Jul 5 2019

werner closed T4595: GPG: auto-key-retrieve should prefer WKD over Keyserver as Resolved.

Done for master and 2.2.

Jul 5 2019, 10:49 AM · gnupg (gpg22), wkd
werner added a commit to T4595: GPG: auto-key-retrieve should prefer WKD over Keyserver: rG3242837d203a: gpg: With --auto-key-retrieve prefer WKD over keyservers..
Jul 5 2019, 10:44 AM · gnupg (gpg22), wkd
werner added a commit to T4595: GPG: auto-key-retrieve should prefer WKD over Keyserver: rG96bf8f477805: gpg: With --auto-key-retrieve prefer WKD over keyservers..
Jul 5 2019, 10:33 AM · gnupg (gpg22), wkd