On Tue 2019-08-06 16:58:05 +0200, Bernhard Reiter wrote:
Am Dienstag 06 August 2019 14:25:07 schrieb Daniel Kahn Gillmor:
I don't see any constraint like "MUST NOT return multiple non-revoked
keyblocks",
This could be clarified in the next revision.
Implicitely from the intentions as written down in section
3. Web Key Directory
it is understandable to have one public key delivered and that is considered
the currently associated pubkey for the email address that should be taken
for encryption.
I agree that this should be clarified one way or the other.
Display that sending the email will be less secure (towards evesdropping)
as something is strange (against the WKD specification). It is up to the user
to decide if the email should still be send in this case. If the contents is
highly sensitive, the user will decide to not send. Otherwise the user will
not care, not paying attention to the display and send anyway (not caring if
it is encrypted or not).
I'd love to see some studies about the usability of such a warning. how
many fine gradations of "valid" is the user able to distinguish between
in an actionable way?
fwiw, i agree that more explicit and opinionated guidance for
implementers would be useful here too. I would be pretty sad if that
guidance was to specify some sort of "you should be worried, but
probably you can't do anything differently to address that worry" alarm.
Alarm fatigue is a real and well-studied thing:
https://en.wikipedia.org/wiki/Alarm_fatigue
The idea with the current WKD is to solve the main use case first and
well. And simple to implement. Other use cases can be considered afterwards.
Here we have a concrete use case for an important vendor of
OpenPGP-related software, who has found that WKD didn't align with their
standard practice until an outside party brought it to their attention.
I am in complete agreement with you that we should focus on the main use
case, but if it's clear that the implemnentation doesn't work for
important real-world cases, we ought to be able to reconsider it (or
recommend some other approach that *does* match that use case).
--dkg
signature.asc
Description: PGP signature
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp