[Gpg4win-users-en] WKD for OpenPGP certificate "Intevation File Distribution Key <distribution-key at intevation.de>"

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Aug 6 18:25:38 CEST 2019


On Tue 2019-08-06 16:58:05 +0200, Bernhard Reiter wrote:
> Am Dienstag 06 August 2019 14:25:07 schrieb Daniel Kahn Gillmor:
>> I don't see any constraint like "MUST NOT return multiple non-revoked
>> keyblocks",
>
> This could be clarified in the next revision.
> Implicitely from the intentions as written down in section
>   3.  Web Key Directory
> it is understandable to have one public key delivered and that is considered 
> the currently associated pubkey for the email address that should be taken 
> for encryption.

I agree that this should be clarified one way or the other.

> Display that sending the email will be less secure (towards evesdropping)
> as something is strange (against the WKD specification). It is up to the user 
> to decide if the email should still be send in this case. If the contents is 
> highly sensitive, the user will decide to not send. Otherwise the user will 
> not care, not paying attention to the display and send anyway (not caring if 
> it is encrypted or not).

I'd love to see some studies about the usability of such a warning.  how
many fine gradations of "valid" is the user able to distinguish between
in an actionable way?

fwiw, i agree that more explicit and opinionated guidance for
implementers would be useful here too.  I would be pretty sad if that
guidance was to specify some sort of "you should be worried, but
probably you can't do anything differently to address that worry" alarm.
Alarm fatigue is a real and well-studied thing:

   https://en.wikipedia.org/wiki/Alarm_fatigue

> The idea with the current WKD is to solve the main use case first and
> well. And simple to implement. Other use cases can be considered afterwards.

Here we have a concrete use case for an important vendor of
OpenPGP-related software, who has found that WKD didn't align with their
standard practice until an outside party brought it to their attention.
I am in complete agreement with you that we should focus on the main use
case, but if it's clear that the implemnentation doesn't work for
important real-world cases, we ought to be able to reconsider it (or
recommend some other approach that *does* match that use case).

          --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://lists.wald.intevation.org/pipermail/gpg4win-users-en/attachments/20190806/0b9d69a7/attachment-0001.sig>


More information about the Gpg4win-users-en mailing list