‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, November 15, 2018 11:03 PM, Paul Wouters
<paul(_at_)nohats(_dot_)ca> wrote:
On Thu, 15 Nov 2018, Bart Butler wrote:
The MUA could always have some kind of warning in this situation if the
UserID match isn't recognized ("recognized" matches could include
subaddresses, etc. but would be at the MUA's discretion). I'd leave this up
to the MUA implementation.
Requiring the MUA to do this is wrong. It will break many potential use
cases. Take for example my phone mail client. It is hard to support PGP,
but it is easy to send it over TLS to my MTA. My MTA can then do all
the work to PGP encrypt it. But there are no humans in this process.
Please ensure this feature works without humans.
Paul
I'm not proposing that we require the MUA to do anything. All I'm saying is the
the MUA could implement such validation if they want to, otherwise the key
returned by WKD could just be used, and either way, we don't make any sort of
UserID email address matching part of the WKD spec that the server has to
enforce.
-Bart
signature.asc
Description: OpenPGP digital signature
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp