ietf-openpgp

Re: [openpgp] Web Key Directory I-D -07

2018-11-13 15:38:10
Hi Werner,

I don't think I was very clear before so I'll try to clarify a bit. I think we 
are in agreement that the MUA should do all of this kind of processing 
exclusively and we should not do any funny business in the WKD spec about 
secondary UserIDs or the like. My concern was that this language:

"The key needs to carry a
   User ID packet ([RFC4880]) with that mail address."

could be read as requiring that the UserID packet in the key match the queried 
address exactly, and I'd like to relax that requirement to make it clear that 
servers can essentially serve up whichever key they choose based on how they 
want to route mail. Whatever checks the MUA does on this UserID is not the 
business of the WKD spec. Here's another suggestion:

"The key MUST carry a User ID packet ([RFC4880]) containing the email address 
to which mail sent to the queried email address will be routed."

which should take care of this case without implying that the requested mail 
address must match the mail address in the UserID.

-Bart


‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, November 13, 2018 1:13 PM, Werner Koch <wk(_at_)gnupg(_dot_)org> wrote:

On Tue, 13 Nov 2018 21:35, bartbutler=40protonmail(_dot_)com(_at_)dmarc(_dot_)ietf(_dot_)org said:


routing in the same way for WKD as it does for incoming mail. As such,
things like case, subaddresses with +, catch-all, etc. will


We had some internal discussion and came to the conclusion that it is
best to not care about sub-addresses in the protocol. It should be a
MUA only thing and nobody should create a key for a subaddress.


With the help of Kristian I took a look at the 5.3 million keys on the
SKS servers and we found only 3055 unique mailboxes with a '+' in it.
After removing leading and trailing '+' as well as multiple '+'
(e.g. "c++" or "foo+bar+baz") 2697 were left which seem to be valid
sub-addresses.


Now this is definitely a minority and their owners can be asked (or
gpg-wks-client does it on the fly) to create another user-id without the
subaddress.


To help MUAs, I started to change gpg to strip off sub-addresses; at
least for WKD queries.


So if I request from ProtonMail Bart(_dot_)Butler(_at_)protonmail(_dot_)com, I would
get a key back with bartbutler(_at_)protonmail(_dot_)com, and the clients could


I doubt that we can do anything about this except for adding another
user id to the key. There would be just too many cases and that simple
protocol would be much more complex to implement and also fully lose the
property of a simple one to one match.


Shalom-Salam,


Werner


--


Thoughts are free. Exceptions are regulated by a federal law.


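The lookup and the strict User ID check discussed in this thread, as an added example that is not part of either message and is not gpg's code. It builds the WKD direct-method URL (SHA-1 of the ASCII-lowercased local part, z-base-32 encoded) after stripping a sub-address, then applies an exact-match check on the returned User ID address. Assumptions: the single-interior-'+' rule mirrors the filter described in the quoted mail rather than any implementation, and all addresses are constructed.

```python
import hashlib

ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet

def zbase32(data: bytes) -> str:
    """Encode bytes as z-base-32: 5 bits per character, most significant first."""
    nbits = len(data) * 8
    pad = (-nbits) % 5  # right-pad with zero bits to a multiple of 5
    value = int.from_bytes(data, "big") << pad
    return "".join(ZB32[(value >> s) & 31] for s in range(nbits + pad - 5, -1, -5))

def ascii_lower(text: str) -> str:
    """Lowercase ASCII letters only; non-ASCII characters stay unchanged."""
    return text.encode("utf-8").lower().decode("utf-8")

def split_addr(addr: str):
    """Split a mailbox into (local part, lowercased domain)."""
    local, sep, domain = addr.strip().rpartition("@")
    if not (sep and local and domain):
        raise ValueError(f"not a mailbox: {addr!r}")
    return local, ascii_lower(domain)

def strip_subaddress(local: str) -> str:
    # Assumption: exactly one '+', not leading or trailing, marks a sub-address.
    # "c++" and "foo+bar+baz" are left alone, as in the filter from the mail.
    if local.count("+") == 1 and local[0] != "+" and local[-1] != "+":
        return local.split("+", 1)[0]
    return local

def wkd_direct_url(addr: str) -> str:
    """URL a client would fetch for addr using the WKD direct method."""
    local, domain = split_addr(addr)
    mapped = ascii_lower(strip_subaddress(local))
    digest = hashlib.sha1(mapped.encode("utf-8")).digest()
    return f"https://{domain}/.well-known/openpgpkey/hu/{zbase32(digest)}"

def strict_userid_match(queried: str, uid_addr: str) -> bool:
    """One-to-one check: the User ID address must equal the queried address."""
    ql, qd = split_addr(queried)
    ul, ud = split_addr(uid_addr)
    return (ascii_lower(strip_subaddress(ql)), qd) == (ascii_lower(ul), ud)

if __name__ == "__main__":
    # Constructed pairs: (queried address, address in the returned User ID).
    for q, uid in [("Joe.Doe+lists@Example.ORG", "joe.doe@example.org"),
                   ("Alice.Smith@example.org", "alicesmith@example.org")]:
        print(q, "->", wkd_direct_url(q))
        print("  strict User ID match:", strict_userid_match(q, uid))
```

The second pair is the server-side alias case from the thread: the lookup itself works, but a client applying the exact match rejects the returned key.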