ietf-openpgp
[Top] [All Lists]

Re: [openpgp] [Gpg4win-users-en] WKD for OpenPGP certificate "Intevation File Distribution Key <distribution-key(_at_)intevation(_dot_)de>"

2019-08-06 12:08:56
On Tue 2019-08-06 16:58:05 +0200, Bernhard Reiter wrote:
Am Dienstag 06 August 2019 14:25:07 schrieb Daniel Kahn Gillmor:
I don't see any constraint like "MUST NOT return multiple non-revoked
keyblocks",

This could be clarified in the next revision.
Implicitely from the intentions as written down in section
  3.  Web Key Directory
it is understandable to have one public key delivered and that is considered 
the currently associated pubkey for the email address that should be taken 
for encryption.

I agree that this should be clarified one way or the other.

Display that sending the email will be less secure (towards evesdropping)
as something is strange (against the WKD specification). It is up to the user 
to decide if the email should still be send in this case. If the contents is 
highly sensitive, the user will decide to not send. Otherwise the user will 
not care, not paying attention to the display and send anyway (not caring if 
it is encrypted or not).

I'd love to see some studies about the usability of such a warning.  how
many fine gradations of "valid" is the user able to distinguish between
in an actionable way?

fwiw, i agree that more explicit and opinionated guidance for
implementers would be useful here too.  I would be pretty sad if that
guidance was to specify some sort of "you should be worried, but
probably you can't do anything differently to address that worry" alarm.
Alarm fatigue is a real and well-studied thing:

   https://en.wikipedia.org/wiki/Alarm_fatigue

The idea with the current WKD is to solve the main use case first and
well. And simple to implement. Other use cases can be considered afterwards.

Here we have a concrete use case for an important vendor of
OpenPGP-related software, who has found that WKD didn't align with their
standard practice until an outside party brought it to their attention.
I am in complete agreement with you that we should focus on the main use
case, but if it's clear that the implemnentation doesn't work for
important real-world cases, we ought to be able to reconsider it (or
recommend some other approach that *does* match that use case).

          --dkg

Attachment: signature.asc
Description: PGP signature

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp