[Gpg4win-users-en] WKD for OpenPGP certificate "Intevation File Distribution Key <distribution-key at intevation.de>"

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Aug 8 14:49:02 CEST 2019


On Wed 2019-08-07 15:49:36 +0200, Thomas Arendsen Hein wrote:
> OpenPGP keys are needed when you want to encrypt to someone
> _or_ when you want to verify a signature made by someone else.
>
> WKD should support these two basic use cases.
>
> To avoid ambiguity when selecting a key for encryption, WKD should
> not provide more than one valid key.
>
> For verifying signatures there is no ambiguity, because the signed
> file/email is signed by a single key. If the WKD could provide this
> key, all would be well here, but as my older mails/files are signed
> by my older key and my newer mails/files are signed by by my newer
> key, the person/software checking the signature of both mails/files
> today should have a verified access to both, the old and the new
> key.
>
> A way to allow both use cases would be to allow only one key for
> encryption purposes and multiple keys for validating signatures.

I think this is sound reasoning, and a great solution to the problem.
Thanks, Thomas!

It's good to have identified the underlying rationale for the two
different use cases, as well as a solution that appears to meet them
both.

The one outstanding use case that isn't handled by this solution is two
certificates which differ by public key algorithm and are both
encryption-capable.  I can imagine some even more subtle gradations of
WKD requirements that would satisfy that use case as well, but perhaps
they're too subtle to be worth specifying.  If that final use case gets
left unsolved, we're still in much better shape than the status quo.

Perhaps you could propose some text to modify the WKD draft?

If you want to propose an easily-applicable diff, the source is in this
git repository:

   https://dev.gnupg.org/source/gnupg-doc.git

in the file misc/id/openpgp-webkey-service/draft.org 

Perhaps Werner can weigh in on where he would like diffs to be sent so
that he can most easily track them for inclusion.  As someone working
with different OpenPGP implementations that themselves do some variant
of WKD lookup at least, i think it would be great to post a proposed
diff here to the openpgp at ietf.org mailing list as well, so that other
implementers can consider it and weigh in about what makes sense for
them.

> * Bernhard Reiter <bernhard at intevation.de> [20190807 09:53]:
>> Getting other active pubkeys or old pubkeys can be handled by the public 
>> keyserver network.
>
> No, because the old pubkey wouldn't come from a trusted source this
> way.

I agree that WKD provides some additional benefit of authenticity here.
Without that, the signer might as well just ship the certificate with
the signature, and let the end user verify it that way.

i don't think it's bad to ship the certificate with the signature, fwiw.
That approach has very nice properties from the perspective of metadata
leakage -- no leakage at all, and also no dependencies on internet
connectivity or third-party services which might have outages.

             --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://lists.wald.intevation.org/pipermail/gpg4win-users-en/attachments/20190808/b27d41e7/attachment.sig>


More information about the Gpg4win-users-en mailing list