Mailing List Archive

Hi Stefan,

> I just started to set-up a github-page and have also verified
> the page via Brave. I tried to set-up WKD for the page, like
> I did in the past for my 300baud.de Domain, but fetching
> the key with GnuPG does not work for me. :-(

You could try the online WKD checker here:
https://metacode.biz/openpgp/web-key-directory

It reports that the policy file is missing, which I think is a hard
requirement, no?

Also make sure that the MIME content type and
Access-Control-Allow-Origin headers are set correctly.

Kind regards,
André

--
Greetings...
From: André Colomb <andre@colomb.de>

Ok, had a typo in the openpgpkey folder, ouch.

Now Wiktor's WKD checker gives the proper
results in the first part, not sure why not in the
second part.

Need to try to fetch my pub key.

Regards
Stefan

On Fri, Jan 8, 2021 at 6:42 PM Stefan Claas
<spam.trap.mailing.lists@gmail.com> wrote:
>
> Hi all,
>
> I just started to set-up a github-page and have also verified
> the page via Brave. I tried to set-up WKD for the page, like
> I did in the past for my 300baud.de Domain, but fetching
> the key with GnuPG does not work for me. :-(
>
> My key UID there is 'stefan@sac001.github.io'
>
> It would be really nice if a kind soul can help me to fix
> the issue.
>
> The idea here is the following:
>
> 1. A github.io pub key can IHMO serve as a multi-purpose usage
> key, thus not revealing the email address.
>
> 2. GitHub should be more protected against DDOS, compared
> to a website, hosted on an own VPS server, IMHO.
>
> 3. One already has an SSL cert.
>
> 4. GitHub allows creating rich-content static web pages.
>
> 5. Brave verification, so that in case one Brave user like
> to give a tip, it is possible too.
>
> 6. If this would work properly, Windows users, for example,
> would have an easy way to use WKD as well, without having
> an own server, Domain, etc.
>
> Hope you like the idea!
>
> Here's is my URL, which leads to the GitHub project,
> containing the .well-known folder.
>
> https://sac001.github.io
>
> Any help would greatly appreciated!
>
> Regards
> Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Fri, Jan 8, 2021 at 7:36 PM Stefan Claas
<spam.trap.mailing.lists@gmail.com> wrote:
>
> Ok, had a typo in the openpgpkey folder, ouch.
>
> Now Wiktor's WKD checker gives the proper
> results in the first part, not sure why not in the
> second part.
>
> Need to try to fetch my pub key.

Does not work, 'wrong name'

I guess I could put a CNAME file into my GitHub
folder, pointing to a Domain which I own and
upload a new key with that Domain, but this
is *not* what I want to do, because of the
opportunity it would give Windows users to
follow my set-up without an own server and
own domain and because GitHub is globally
probably not blocked and a trusted Domain
for millions of programmers.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Fri, Jan 8, 2021 at 10:07 PM André Colomb <andre@colomb.de> wrote:
>
> Hi Stefan,
>
> > I just started to set-up a github-page and have also verified
> > the page via Brave. I tried to set-up WKD for the page, like
> > I did in the past for my 300baud.de Domain, but fetching
> > the key with GnuPG does not work for me. :-(
>
> You could try the online WKD checker here:
> https://metacode.biz/openpgp/web-key-directory

Hi Andre, I used Wiktor's WKD checker which you link to. :-)
>
> It reports that the policy file is missing, which I think is a hard
> requirement, no?
>
> Also make sure that the MIME content type and
> Access-Control-Allow-Origin headers are set correctly.

I guess I have created a new use case, regarding WKD
usage for GitHub pages and how Werner implemented
WKD.

I guess the only way to fix it (for many people) would be
that, as of my understanding (now) the WKD check
and SSL cert check would be a bit more flexible, either
in allowing subdomains, like the github.io ones in form
of a fix in the code or as setting in GnuPG' config file.

I could be totally wrong of course, so let's see what
Werner says.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Fri, Jan 8, 2021 at 10:21 PM Stefan Claas
<spam.trap.mailing.lists@gmail.com> wrote:

> I guess the only way to fix it (for many people) would be
> that, as of my understanding (now) the WKD check
> and SSL cert check would be a bit more flexible, either
> in allowing subdomains, like the github.io ones in form
> of a fix in the code or as setting in GnuPG' config file.
>
> I could be totally wrong of course, so let's see what
> Werner says.

Well, I guess I am right, just did a gpg --debug-level guru
under cmd.exe:

gpg --debug-level guru --locate-key stefan@sac001.github.io
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache
memstat trust hashing ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: [not enabled in the source] keydb_new
gpg: DBG: [not enabled in the source] keydb_search enter
gpg: DBG: keydb_search: 1 search descriptions:
gpg: DBG: keydb_search 0: SUBSTR: 'stefan@sac001.github.io'
gpg: DBG: keydb_search: searching keybox (resource 0 of 1)
gpg: DBG: keydb_search: searched keybox (resource 0 of 1) => EOF
gpg: DBG: [not enabled in the source] keydb_search leave (not found)
gpg: DBG: chan_0x00000254 <- # Home: C:/Users/Nutzer/AppData/Roaming/gnupg
gpg: DBG: chan_0x00000254 <- # Config:
C:/Users/Nutzer/AppData/Roaming/gnupg/dirmngr.conf
gpg: DBG: chan_0x00000254 <- OK Dirmngr 2.2.25 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_0x00000254 -> GETINFO version
gpg: DBG: chan_0x00000254 <- D 2.2.25
gpg: DBG: chan_0x00000254 <- OK
gpg: DBG: chan_0x00000254 -> KEYSERVER --clear hkps://keyserver.ubuntu.com
gpg: DBG: chan_0x00000254 <- OK
gpg: DBG: chan_0x00000254 -> KEYSERVER
gpg: DBG: chan_0x00000254 <- S KEYSERVER hkps://keyserver.ubuntu.com
gpg: DBG: chan_0x00000254 <- OK
gpg: DBG: chan_0x00000254 -> KEYSERVER --clear hkps://keyserver.ubuntu.com
gpg: DBG: chan_0x00000254 <- OK
gpg: DBG: chan_0x00000254 -> KS_GET -- =stefan@sac001.github.io
gpg: DBG: chan_0x00000254 <- S PROGRESS tick ? 0 0
gpg: DBG: chan_0x00000254 <- S SOURCE https://162.213.33.8:443
gpg: DBG: chan_0x00000254 <- ERR 167772218 Keine Daten <Dirmngr>
gpg: Fehler beim automatischen holen von `stefan@sac001.github.io'
über `keyserver': Keine Daten
gpg: DBG: chan_0x00000254 -> KEYSERVER --clear hkps://keyserver.ubuntu.com
gpg: DBG: chan_0x00000254 <- OK
gpg: DBG: chan_0x00000254 -> DNS_CERT --dane stefan@sac001.github.io
gpg: DBG: chan_0x00000254 <- ERR 167772187 Nicht gefunden <Dirmngr>
gpg: Fehler beim automatischen holen von `stefan@sac001.github.io'
über `DANE': Nicht gefunden
gpg: DBG: chan_0x00000254 -> DNS_CERT * stefan.sac001.github.io
gpg: DBG: chan_0x00000254 <- ERR 167772187 Nicht gefunden <Dirmngr>
gpg: Fehler beim automatischen holen von `stefan@sac001.github.io'
über `DNS CERT': Nicht gefunden
gpg: DBG: chan_0x00000254 -> DNS_CERT --pka -- stefan@sac001.github.io
gpg: DBG: chan_0x00000254 <- ERR 167772187 Nicht gefunden <Dirmngr>
gpg: Fehler beim automatischen holen von `stefan@sac001.github.io'
über `PKA': Nicht gefunden
gpg: DBG: chan_0x00000254 -> WKD_GET -- stefan@sac001.github.io
gpg: DBG: chan_0x00000254 <- S SOURCE https://openpgpkey.sac001.github.io
gpg: DBG: chan_0x00000254 <- S NOTE tls_cert_error 285212985 bad cert
for 'openpgpkey.sac001.github.io': Hostname does not match the
certificate
gpg: Hinweis: Der Server benutzt eine ungültiges Zertifikat
gpg: DBG: chan_0x00000254 <- ERR 285212985 Falscher Name <TLS>
gpg: Fehler beim automatischen holen von `stefan@sac001.github.io'
über `WKD': Falscher Name
gpg: Fehler beim automatischen holen von `stefan@sac001.github.io'
über `LDAP': Nich implementiert
gpg: error reading key: Nich implementiert
gpg: DBG: chan_0x00000254 -> BYE
gpg: DBG: [not enabled in the source] stop
gpg: keydb: handles=1 locks=0 parse=0 get=0
gpg: build=0 update=0 insert=0 delete=0
gpg: reset=0 found=0 not=1 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x00000000 calls=0 bytes=0
gpg: secmem usage: 0/32768 bytes in 0 blocks

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Hi Stefan,

your key seems to work fine over that WKD setup.

> Now Wiktor's WKD checker gives the proper
> results in the first part, not sure why not in the
> second part.

You don't need the "Advanced" method if the direct one already works.
They basically exist to provide flexibility for server admins to decide
whether they want to issue a TLS certificate for the whole domain
matching the e-mail address, or just serve the WKD stuff through a
dedicated "openpgpkey" subdomain. The latter could be easier if the WKD
webserver should be isolated from other things on the domain.

In your setup, the valid TLS certificate for sac001.github.io is the
only one you'll get, so the "Direct" method fits perfectly.

Nice idea actually, but you'd have to check if GitHub actually allows
such use for "arbitrary" data distribution.

Good night.
André

--
Greetings...
From: André Colomb <andre@colomb.de>

On Fri, Jan 8, 2021 at 11:27 PM André Colomb <andre@colomb.de> wrote:
>
> Hi Stefan,
>
> your key seems to work fine over that WKD setup.
>
> > Now Wiktor's WKD checker gives the proper
> > results in the first part, not sure why not in the
> > second part.
>
> You don't need the "Advanced" method if the direct one already works.
> They basically exist to provide flexibility for server admins to decide
> whether they want to issue a TLS certificate for the whole domain
> matching the e-mail address, or just serve the WKD stuff through a
> dedicated "openpgpkey" subdomain. The latter could be easier if the WKD
> webserver should be isolated from other things on the domain.
>
> In your setup, the valid TLS certificate for sac001.github.io is the
> only one you'll get, so the "Direct" method fits perfectly.
>
> Nice idea actually, but you'd have to check if GitHub actually allows
> such use for "arbitrary" data distribution.
>
> Good night.
> André

Hi Andre,

as onbe could see from my previous reply, it does not work
with gpg4win and I tested it also under my Debian subsystem,
which didn't worked either. :-(

But (sorry to say this here on the GnuPG ML) good news is
I just tested it with an older version of sequoia-pgp and guess
what it works for me. :-)

sq wkd get stefan@sac001.github.io
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: 3731 D9F8 1352 A24D F7E5 F33A 0885 70FC E611 8FD8
Comment: Stefan Claas <stefan@sac001.github.io>

xjMEX/dLDhYJKwYBBAHaRw8BAQdAvkbNdsFggQBabk4URQN/Fha+qsyFsCt4Tsti
hShJKlvNJlN0ZWZhbiBDbGFhcyA8c3RlZmFuQHNhYzAwMS5naXRodWIuaW8+wpAE
ExYIADgWIQQ3Mdn4E1KiTffl8zoIhXD85hGP2AUCX/dLDgIbAwULCQgHAgYVCgkI
CwIEFgIDAQIeAQIXgAAKCRAIhXD85hGP2HTyAQDCXANVu9GtjOV+u/Wn8Y7Ad/iR
mVLo34AOrMuU6dxRIQEAjqs8nMbLJHi6DNuizrMEU1lhcV67hyV9+pzn/VCPuQHO
OARf90sOEgorBgEEAZdVAQUBAQdAVOixEkd6S9j0tYAcCEIDwS5/M7XbeLjgA8Zm
dJIGqygDAQgHwngEGBYIACAWIQQ3Mdn4E1KiTffl8zoIhXD85hGP2AUCX/dLDgIb
DAAKCRAIhXD85hGP2Ks7AP98+j9JNC+TyfDcoYQMS+ZY85XOx7IQTg0G1JPJCrIc
CAD/SnccgwcFIjW83RHjIgtTomYdIoq/l8lwEzPfKHigLQg=
=wPCo
-----END PGP PUBLIC KEY BLOCK-----

Regards and Good Night
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Hi Stefan,

On Fri, 08 Jan 2021 23:05:52 +0100,
Stefan Claas via Gnupg-users wrote:
> On Fri, Jan 8, 2021 at 10:21 PM Stefan Claas
> <spam.trap.mailing.lists@gmail.com> wrote:
>
> > I guess the only way to fix it (for many people) would be
> > that, as of my understanding (now) the WKD check
> > and SSL cert check would be a bit more flexible, either
> > in allowing subdomains, like the github.io ones in form
> > of a fix in the code or as setting in GnuPG' config file.
> >
> > I could be totally wrong of course, so let's see what
> > Werner says.
>
> Well, I guess I am right, just did a gpg --debug-level guru
> under cmd.exe:
>
> ...
> gpg: DBG: chan_0x00000254 -> WKD_GET -- stefan@sac001.github.io
> gpg: DBG: chan_0x00000254 <- S SOURCE https://openpgpkey.sac001.github.io
> gpg: DBG: chan_0x00000254 <- S NOTE tls_cert_error 285212985 bad cert
> for 'openpgpkey.sac001.github.io': Hostname does not match the
> certificate
> gpg: Hinweis: Der Server benutzt eine ung?ltiges Zertifikat
> gpg: DBG: chan_0x00000254 <- ERR 285212985 Falscher Name <TLS>

It appears that gpg is trying the advanced lookup method, gets an
error, and then doesn't fallback to the direct lookup method. This is
consistent with the I-D:

3.1. Key Discovery

...

There are two variants on how to form the request URI: The advanced
and the direct method. Implementations MUST first try the advanced
method. Only if the required sub-domain does not exist, they SHOULD
fall back to the direct method.

https://tools.ietf.org/html/draft-koch-openpgp-webkey-service-07

It appears that github.com's DNS is configured such that all domains
under github.com resolve to github.com's web server, even
subsubdomains. For instance,
https://asdflkjasdfj.asdflkjasdflkj.github.com/ resolves to a 404.

So, it seems that you'll need to create openpgpkey.sac001.github.com.
Further, you'll have to figure out how to get a valid certificate for
it. At least Firefox considers github.com's certificate to be valid
for foo.github.com, but not bar.foo.github.com.

:) Neal

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Sat, Jan 9, 2021 at 11:37 AM Neal H. Walfield <neal@walfield.org> wrote:

> It appears that gpg is trying the advanced lookup method, gets an
> error, and then doesn't fallback to the direct lookup method. This is
> consistent with the I-D:
>
> 3.1. Key Discovery
>
> ...
>
> There are two variants on how to form the request URI: The advanced
> and the direct method. Implementations MUST first try the advanced
> method. Only if the required sub-domain does not exist, they SHOULD
> fall back to the direct method.
>
> https://tools.ietf.org/html/draft-koch-openpgp-webkey-service-07
>
> It appears that github.com's DNS is configured such that all domains
> under github.com resolve to github.com's web server, even
> subsubdomains. For instance,
> https://asdflkjasdfj.asdflkjasdflkj.github.com/ resolves to a 404.
>
> So, it seems that you'll need to create openpgpkey.sac001.github.com.
> Further, you'll have to figure out how to get a valid certificate for
> it. At least Firefox considers github.com's certificate to be valid
> for foo.github.com, but not bar.foo.github.com.

Hi Neal,

thanks for the reply, much appreciated! Simply said, for the average
user like me, I believe GitHub is doing it right, because it is a
valid option according to their SSL cert data, and Werner simply
overlooked this option. I will not experiment any further, because I
set-up WKD properly, which works with sequoia-pgp, for example. I have
not checked other OpenPGP software.

And I strongly believe that Werner can fix this issue, if he is
willing to do so.

Best regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Sat, Jan 9, 2021 at 2:37 PM Stefan Claas
<spam.trap.mailing.lists@gmail.com> wrote:

> Hi Neal,
>
> thanks for the reply, much appreciated! Simply said, for the average
> user like me, I believe GitHub is doing it right, because it is a
> valid option according to their SSL cert data, and Werner simply
> overlooked this option. I will not experiment any further, because I
> set-up WKD properly, which works with sequoia-pgp, for example. I have
> not checked other OpenPGP software.
>
> And I strongly believe that Werner can fix this issue, if he is
> willing to do so.

Example: If I would be the host master of the domain bund.de with it's
many subdomains and authorities would request that WKD, as an
inexpensive inhouse option, has to be set-up...

IMHO that would be the same case, if I am not mistaken.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Fri, Jan 8, 2021 at 11:34 PM Stefan Claas
<spam.trap.mailing.lists@gmail.com> wrote:

> But (sorry to say this here on the GnuPG ML) good news is
> I just tested it with an older version of sequoia-pgp and guess
> what it works for me. :-)
>
> sq wkd get stefan@sac001.github.io
> -----BEGIN PGP PUBLIC KEY BLOCK-----
> Comment: 3731 D9F8 1352 A24D F7E5 F33A 0885 70FC E611 8FD8
> Comment: Stefan Claas <stefan@sac001.github.io>
>
> xjMEX/dLDhYJKwYBBAHaRw8BAQdAvkbNdsFggQBabk4URQN/Fha+qsyFsCt4Tsti
> hShJKlvNJlN0ZWZhbiBDbGFhcyA8c3RlZmFuQHNhYzAwMS5naXRodWIuaW8+wpAE
> ExYIADgWIQQ3Mdn4E1KiTffl8zoIhXD85hGP2AUCX/dLDgIbAwULCQgHAgYVCgkI
> CwIEFgIDAQIeAQIXgAAKCRAIhXD85hGP2HTyAQDCXANVu9GtjOV+u/Wn8Y7Ad/iR
> mVLo34AOrMuU6dxRIQEAjqs8nMbLJHi6DNuizrMEU1lhcV67hyV9+pzn/VCPuQHO
> OARf90sOEgorBgEEAZdVAQUBAQdAVOixEkd6S9j0tYAcCEIDwS5/M7XbeLjgA8Zm
> dJIGqygDAQgHwngEGBYIACAWIQQ3Mdn4E1KiTffl8zoIhXD85hGP2AUCX/dLDgIb
> DAAKCRAIhXD85hGP2Ks7AP98+j9JNC+TyfDcoYQMS+ZY85XOx7IQTg0G1JPJCrIc
> CAD/SnccgwcFIjW83RHjIgtTomYdIoq/l8lwEzPfKHigLQg=
> =wPCo
> -----END PGP PUBLIC KEY BLOCK-----

If Alice and Bob would be my two minor children and we would create
together a nice web presense here on GitHub, we could use WKD together
on github.io pages. :-)

Just uploaded to my WKD directory Alice and Bob's demo key and it works too.

sq wkd get alice@sac001.github.io
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: 7AD4 F939 3D41 7BBB A46C FA67 A6DE D562 6D79 841A
Comment: Alice Demo <alice@sac001.github.io>

xjMEX/nZ3RYJKwYBBAHaRw8BAQdA6wTK6ogT3OU2nrTEaHZlKHY776bh476vjjE0
9UpTERXNI0FsaWNlIERlbW8gPGFsaWNlQHNhYzAwMS5naXRodWIuaW8+wpAEExYI
ADgWIQR61Pk5PUF7u6Rs+mem3tVibXmEGgUCX/nZ3QIbAwULCQgHAgYVCgkICwIE
FgIDAQIeAQIXgAAKCRCm3tVibXmEGp3dAP9xviHVC/9GkEGyPvvW6xIM+RI+Saw4
tC4G35a0BfF2IgD7B11BEkBs8sCH1ED30rtzcQEMSyh/NmCgarrb2+pPEwfOOARf
+dndEgorBgEEAZdVAQUBAQdAiRTB87bBCZm4Es5ycn/inPzqNxEazVahpDTnLXuX
BjEDAQgHwngEGBYIACAWIQR61Pk5PUF7u6Rs+mem3tVibXmEGgUCX/nZ3QIbDAAK
CRCm3tVibXmEGqd1AQCRBdFtUQhec2SrPEKmcnPP/qodovT8bnS83v7HwojzZQD+
NilVdXs+lZOknY7daIuBsIX8cj4FhjcvILusRUYzogE=
=zpfj
-----END PGP PUBLIC KEY BLOCK-----

sq wkd get bob@sac001.github.io
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: 9CF4 2351 254D 5D71 4460 05A9 39E0 8A8E 266D 3C87
Comment: Bob Demo <bob@sac001.github.io>

xjMEX/nabxYJKwYBBAHaRw8BAQdANyaNp3WurFKBgyoWhwQ3yFmlRC097SZiPTH7
Eq7aoYbNH0JvYiBEZW1vIDxib2JAc2FjMDAxLmdpdGh1Yi5pbz7CkAQTFggAOBYh
BJz0I1ElTV1xRGAFqTngio4mbTyHBQJf+dpvAhsDBQsJCAcCBhUKCQgLAgQWAgMB
Ah4BAheAAAoJEDngio4mbTyHg98BAM/27zJGH+T58U9Iqgac0DcIRTRsvtqbCC9F
kKxh56m3APwNAU8mNRPOMtcABhShUP6uDle2LOjS3Z4Dq3kpxoLyCs44BF/52m8S
CisGAQQBl1UBBQEBB0BCjCbmoC8qyVpIO8io/sHXUrQHeZ5NOzrK7Gh1O6ArIQMB
CAfCeAQYFggAIBYhBJz0I1ElTV1xRGAFqTngio4mbTyHBQJf+dpvAhsMAAoJEDng
io4mbTyHLHwA/2WbvaZGlehWYFR2XNxzMl98GnzxLfdfn060V/Nb8sbpAQDxj0dL
375rY0lTSkw6EXJXHZkX8Kd5OptDzz3nltnHDg==
=3fI4
-----END PGP PUBLIC KEY BLOCK-----

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Samstag, 9. Januar 2021 15:43:14 CET Stefan Claas via Gnupg-users wrote:
> On Sat, Jan 9, 2021 at 2:37 PM Stefan Claas
> <spam.trap.mailing.lists@gmail.com> wrote:
> > Hi Neal,
> >
> > thanks for the reply, much appreciated! Simply said, for the average
> > user like me, I believe GitHub is doing it right, because it is a
> > valid option according to their SSL cert data, and Werner simply
> > overlooked this option. I will not experiment any further, because I
> > set-up WKD properly, which works with sequoia-pgp, for example. I have
> > not checked other OpenPGP software.
> >
> > And I strongly believe that Werner can fix this issue, if he is
> > willing to do so.
>
> Example: If I would be the host master of the domain bund.de with it's
> many subdomains and authorities would request that WKD, as an
> inexpensive inhouse option, has to be set-up...
>
> IMHO that would be the same case, if I am not mistaken.

No, it's not.

Even if there's foo.bund.de, then there wouldn't be openpgpkey.foo.bund.de
(unless foo.bund.de sets up the advanced variant of WKD).

The problem with GitHub pages is apparently that openpgpkey.sac001.github.io
resolves to an IP address (well, actually multiple addresses):

$ host openpgpkey.sac001.github.io
openpgpkey.sac001.github.io has address 185.199.109.153
openpgpkey.sac001.github.io has address 185.199.108.153
openpgpkey.sac001.github.io has address 185.199.110.153
openpgpkey.sac001.github.io has address 185.199.111.153

OTOH:
$ host -t A bsi.bund.de
bsi.bund.de has address 77.87.229.76

But:
$ host -t A openpgpkey.bsi.bund.de
openpgpkey.bsi.bund.de has no A record

and therefore WKD would fall back to the direct method for bsi.bund.de.

Regards,
Ingo




_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Sat, Jan 9, 2021 at 7:27 PM Ingo Klöcker <kloecker@kde.org> wrote:
>
> On Samstag, 9. Januar 2021 15:43:14 CET Stefan Claas via Gnupg-users wrote:

> > Example: If I would be the host master of the domain bund.de with it's
> > many subdomains and authorities would request that WKD, as an
> > inexpensive inhouse option, has to be set-up...
> >
> > IMHO that would be the same case, if I am not mistaken.
>
> No, it's not.
>
> Even if there's foo.bund.de, then there wouldn't be openpgpkey.foo.bund.de
> (unless foo.bund.de sets up the advanced variant of WKD).
>
> The problem with GitHub pages is apparently that openpgpkey.sac001.github.io
> resolves to an IP address (well, actually multiple addresses):
>
> $ host openpgpkey.sac001.github.io
> openpgpkey.sac001.github.io has address 185.199.109.153
> openpgpkey.sac001.github.io has address 185.199.108.153
> openpgpkey.sac001.github.io has address 185.199.110.153
> openpgpkey.sac001.github.io has address 185.199.111.153

host sac001.github.io
sac001.github.io has address 185.199.111.153
sac001.github.io has address 185.199.109.153
sac001.github.io has address 185.199.110.153
sac001.github.io has address 185.199.108.153

works as well and why can sequoia-pgp handle this and not GnuPG,
or gpg4win? Couldn't they not fall back then as well to the direct method?

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Sat, Jan 9, 2021 at 8:08 PM Stefan Claas
<spam.trap.mailing.lists@gmail.com> wrote:

> host sac001.github.io
> sac001.github.io has address 185.199.111.153
> sac001.github.io has address 185.199.109.153
> sac001.github.io has address 185.199.110.153
> sac001.github.io has address 185.199.108.153
>
> works as well and why can sequoia-pgp handle this and not GnuPG,
> or gpg4win? Couldn't they not fall back then as well to the direct method?

Wrong wording, not fall back but try direct method if for advanced method
a cert error occurs.

That would be probably only two lines of code or so.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Samstag, 9. Januar 2021 20:50:54 CET Stefan Claas via Gnupg-users wrote:
> On Sat, Jan 9, 2021 at 8:08 PM Stefan Claas
> <spam.trap.mailing.lists@gmail.com> wrote:
> > host sac001.github.io
> > sac001.github.io has address 185.199.111.153
> > sac001.github.io has address 185.199.109.153
> > sac001.github.io has address 185.199.110.153
> > sac001.github.io has address 185.199.108.153
> >
> > works as well and why can sequoia-pgp handle this and not GnuPG,
> > or gpg4win? Couldn't they not fall back then as well to the direct method?
>
> Wrong wording, not fall back but try direct method if for advanced method
> a cert error occurs.

The spec explicitly says:
"Only if the required sub-domain does not exist, they SHOULD fall back to the
direct method."

Do you really think it would be a good idea if an application like gpg would
simply ignore a certificate error and then try something else?

Missing or wrong checks of server certificates are among the most common
security problems in many apps because they open the door for MITM attacks.
Yes, I know you don't suggest that gpg retrieves the key via the subdomain if
the certificate check for the subdomain fails, but I still think it's wrong to
ignore a potential security problem and try something else, unless the user
told gpg explicitly to use the direct method only. (I haven't checked if
there's an option for this.)

Apparently, sequoia-pgp chose usability over following the spec to the letter.
I hope they considered possible security implications.

Regards,
Ingo

On 2021-01-09 at 14:37 +0100, Stefan Claas via Gnupg-users wrote:
> I believe GitHub is doing it right, because it is a
> valid option according to their SSL cert data, and Werner simply
> overlooked this option.

It is not. A certificate for *.github.io doesn't cover
openpgpkey.sac001.github.io
See rule #2 of https://tools.ietf.org/html/rfc6125#section-6.4.3


It is also quite normal that they don't have certificates for
"subsubdomains". I don't see an option in GitHub pages to configure
further subdomains, and given that github usernames can't contain dots,
it doesn't seem such "subsubdomains" would be used, so GitHub should
probably stop resolving them.

Best regards



_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Sat, Jan 9, 2021 at 11:09 PM Ingo Klöcker <kloecker@kde.org> wrote:
>
> On Samstag, 9. Januar 2021 20:50:54 CET Stefan Claas via Gnupg-users wrote:
> > On Sat, Jan 9, 2021 at 8:08 PM Stefan Claas
> > <spam.trap.mailing.lists@gmail.com> wrote:
> > > host sac001.github.io
> > > sac001.github.io has address 185.199.111.153
> > > sac001.github.io has address 185.199.109.153
> > > sac001.github.io has address 185.199.110.153
> > > sac001.github.io has address 185.199.108.153
> > >
> > > works as well and why can sequoia-pgp handle this and not GnuPG,
> > > or gpg4win? Couldn't they not fall back then as well to the direct method?
> >
> > Wrong wording, not fall back but try direct method if for advanced method
> > a cert error occurs.
>
> The spec explicitly says:
> "Only if the required sub-domain does not exist, they SHOULD fall back to the
> direct method."
>
> Do you really think it would be a good idea if an application like gpg would
> simply ignore a certificate error and then try something else?
>
> Missing or wrong checks of server certificates are among the most common
> security problems in many apps because they open the door for MITM attacks.
> Yes, I know you don't suggest that gpg retrieves the key via the subdomain if
> the certificate check for the subdomain fails, but I still think it's wrong to
> ignore a potential security problem and try something else, unless the user
> told gpg explicitly to use the direct method only. (I haven't checked if
> there's an option for this.)
>
> Apparently, sequoia-pgp chose usability over following the spec to the letter.
> I hope they considered possible security implications.

Well, I wish Werner would chime in, because what I really don't understand
why do we have two options, instead of one and why is the advanced method
the first one to be checked, if we have as first one the direct method, which
would tell me, as laymen, that a software would start first with the 'easier'
method.

Fact for me is, I do have a site, which users shows a valid SSL cert
and sequoia-pgp
honors this, while GnuPG and gpg4win do not honor this and give a cert error for
IMHO a second option GnuPG and gpg4win offers.

If for example WKD would be designed to only offer one option (advanced) well
then I could understand this issue better and even then Werner could think of
a GitHub subdomain solution.

And if Werner would allow an option in GnuPG that users can set a flag to do
this on their own 'risk' then this would be also IMHO a good option.

Would be cool if GitHub staff would see this thread and discuss this
with Werner.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Sat, Jan 9, 2021 at 11:42 PM Ángel <angel@pgp.16bits.net> wrote:
>
> On 2021-01-09 at 14:37 +0100, Stefan Claas via Gnupg-users wrote:
> > I believe GitHub is doing it right, because it is a
> > valid option according to their SSL cert data, and Werner simply
> > overlooked this option.
>
> It is not. A certificate for *.github.io doesn't cover
> openpgpkey.sac001.github.io
> See rule #2 of https://tools.ietf.org/html/rfc6125#section-6.4.3

I was refering to wildcard subdomains, like my sac001.github.io subdomain,
which is covered by GitHub's SSL cert.
>
>
> It is also quite normal that they don't have certificates for
> "subsubdomains". I don't see an option in GitHub pages to configure
> further subdomains, and given that github usernames can't contain dots,
> it doesn't seem such "subsubdomains" would be used, so GitHub should
> probably stop resolving them.

Yes, the openpgpkeys. part which Ingo showed with my domain and the IP
addresses.

Like I said in my previous reply to Ingo, It would be nice if GitHub staff would
see this thread and talk with Werner.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Sat, Jan 9, 2021 at 11:49 PM Stefan Claas
<spam.trap.mailing.lists@gmail.com> wrote:

> Like I said in my previous reply to Ingo, It would be nice if GitHub staff would
> see this thread and talk with Werner.

Well, I just wrote GitHub support and asked if their staff can check
this thread,
which I linked to in my message.

Let's see what the outcome is.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 2021-01-09 at 23:40 +0100, Stefan Claas via Gnupg-users wrote:
> Well, I wish Werner would chime in, because what I really don't
> understand why do we have two options, instead of one and why is the
> advanced method the first one to be checked, if we have as first one
> the direct method, which would tell me, as laymen, that a software
> would start first with the 'easier' method.

The way it is defined, it makes complete sense. The advanced method
allows a finer control. For example, you could have your web page in
one hosting (such as a CDN you may not trust too much) and your pgp
keys in a different host that you could consider more trustworthy.

The terms easy and advanced refers to the difficulty of setting it up.
Normally, creating a subdomain would be more complex (you need to
create a second dns record, perhaps also create a new VirtualHost…). It
is more powerful, but it's less accessible.

You need to check the first, since the bare domain is pretty much
guaranteed to exist, even without relation to openpgp keys. Plus, with
the above, your lack of trust could be e.g. that you don't want them
-for privacy reasons- to know which keys are being fetched. Using a
separated host that is tried first solves it.



> Fact for me is, I do have a site, which users shows a valid SSL cert
> and sequoia-pgp honors this, while GnuPG and gpg4win do not honor
> this and give a cert error for IMHO a second option GnuPG and gpg4win
> offers.

sequoia is in the wrong here. You don't have a valid SSL cert for
openpgpkey.sac001.github.io Either they are not supporting the advanced
method (maybe they follow an older draft?) or they ignore the
certificate failure (which would be quite bad).



The issue here is why github is publishing subdomains that nobody can
use, anyway. This would usually be harder (why create a openpgp
subdomain if you don't want it?), but GitHub configuration is already
sufficiently advanced that it breaks this (it was simpler for them to
configure their nameservers to also return that for subdomains?).

Regards


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Sun, Jan 10, 2021 at 6:01 PM Ángel <angel@pgp.16bits.net> wrote:

> sequoia is in the wrong here. You don't have a valid SSL cert for
> openpgpkey.sac001.github.io Either they are not supporting the advanced
> method (maybe they follow an older draft?) or they ignore the
> certificate failure (which would be quite bad).
>
>
>
> The issue here is why github is publishing subdomains that nobody can
> use, anyway. This would usually be harder (why create a openpgp
> subdomain if you don't want it?), but GitHub configuration is already
> sufficiently advanced that it breaks this (it was simpler for them to
> configure their nameservers to also return that for subdomains?).

Can you tell me/us in laymen terms how this works with gnupg.org?

openpgpkey.gnupg.org has address 217.69.77.222
openpgpkey.gnupg.org has IPv6 address 2001:aa8:fff1:100::22

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 2021-01-10 at 18:47 +0100, Stefan Claas via Gnupg-users wrote:
> Can you tell me/us in laymen terms how this works with gnupg.org?
>
> openpgpkey.gnupg.org has address 217.69.77.222
> openpgpkey.gnupg.org has IPv6 address 2001:aa8:fff1:100::22
>
> Regards
> Stefan

Sure. Let's suppose you wanted to fetch Werner's key. You want the key
for wk@gnupg.org Using --with-wkd-hash parameter, we can see that this
would generate nq6t9teux7edsnwdksswydu4o9i5es3f@gnupg.org

Then, the key of Werner lives at
https://openpgpkey.gnupg.org/.well-known/openpgpkey/gnupg.org/hu/nq6t9teux7edsnwdksswydu4o9i5es3f

If openpgpkey.gnupg.org didn't exist, then it would use the direct schema, in which the key would be at
https://gnupg.org/.well-known/openpgpkey/hu/nq6t9teux7edsnwdksswydu4o9i5es3f



Best regards




_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Sun, Jan 10, 2021 at 11:22 PM Ángel <angel@pgp.16bits.net> wrote:
>
> On 2021-01-10 at 18:47 +0100, Stefan Claas via Gnupg-users wrote:
> > Can you tell me/us in laymen terms how this works with gnupg.org?
> >
> > openpgpkey.gnupg.org has address 217.69.77.222
> > openpgpkey.gnupg.org has IPv6 address 2001:aa8:fff1:100::22
> >
> > Regards
> > Stefan
>
> Sure. Let's suppose you wanted to fetch Werner's key. You want the key
> for wk@gnupg.org Using --with-wkd-hash parameter, we can see that this
> would generate nq6t9teux7edsnwdksswydu4o9i5es3f@gnupg.org
>
> Then, the key of Werner lives at
> https://openpgpkey.gnupg.org/.well-known/openpgpkey/gnupg.org/hu/nq6t9teux7edsnwdksswydu4o9i5es3f
>
> If openpgpkey.gnupg.org didn't exist, then it would use the direct schema, in which the key would be at
> https://gnupg.org/.well-known/openpgpkey/hu/nq6t9teux7edsnwdksswydu4o9i5es3f

Thanks, so I think the culprit could be that maybe the specs were
changed, when I
look at your links, including the gnupg.org domain as a folder, which
I never set-up
when doing this for my 300baud.de domain. I checked also older WKD tutorials
on the Internet and they do not mention a domain folder either.

I tried to include this domain folder, this morning, named sac001 but it did not
work either, whether with GnuPG or sequioa-pgp.

So my guess is that GnuPG gives this cert error because it does not support
wildcard subdomains, included in an SSL cert, like the GitHub one.

Not sure if Let's Encrypt issues such certs. If, I could set-up two droplets at
Digital Ocean, a bob.300baud.de one and an alice.300baud.de one and see
what happens.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

12021/00/10 04:42.21 ?????, Stefan Claas via Gnupg-users <gnupg-users@gnupg.org> ??????:
> Not sure if Let's Encrypt issues such certs. If, I could set-up two droplets at
> Digital Ocean, a bob.300baud.de one and an alice.300baud.de one and see
> what happens.

Let's Encrypt does offer such certificates. You can generate using e.g.:

sudo certbot certonly --rsa-key-size 4096 --manual -d *.domain.tld

(editing parameters as necessary).

HTH!

- Chiraag
--
?????? ??????
Pronouns: he/him/his

On Mon, Jan 11, 2021 at 4:55 PM ?????? ?????? via Gnupg-users
<gnupg-users@gnupg.org> wrote:
>
> 12021/00/10 04:42.21 ?????, Stefan Claas via Gnupg-users <gnupg-users@gnupg.org> ??????:
> > Not sure if Let's Encrypt issues such certs. If, I could set-up two droplets at
> > Digital Ocean, a bob.300baud.de one and an alice.300baud.de one and see
> > what happens.
>
> Let's Encrypt does offer such certificates. You can generate using e.g.:
>
> sudo certbot certonly --rsa-key-size 4096 --manual -d *.domain.tld
>
> (editing parameters as necessary).
>
> HTH!

Great, thanks for the info!

I will do this in the next couple of days, in case Werner does not
chime in (assuming
he is not 'AWOL').

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 11/01/2021 16:32, Stefan Claas via Gnupg-users wrote:
> I will do this in the next couple of days, in case Werner does not
> chime in (assuming
> he is not 'AWOL').

Stefan, please dial down the casual sniping at Werner. It's not
constructive.

--
Andrew Gallagher

On Mon, Jan 11, 2021 at 6:16 PM Andrew Gallagher <andrewg@andrewg.com> wrote:
>
> On 11/01/2021 16:32, Stefan Claas via Gnupg-users wrote:
> > I will do this in the next couple of days, in case Werner does not
> > chime in (assuming
> > he is not 'AWOL').
>
> Stefan, please dial down the casual sniping at Werner. It's not
> constructive.

Ok, Andrew I hereby apologize to Werner!

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 2021-01-11 at 16:36 +0100, Stefan Claas wrote:
> On Sun, Jan 10, 2021 at 11:22 PM ?ngel wrote:
> > On 2021-01-10 at 18:47 +0100, Stefan Claas wrote:
> > > Can you tell me/us in laymen terms how this works with gnupg.org?
> >
> > Sure. Let's suppose you wanted to fetch Werner's key. You want the
> > key
> > for wk@gnupg.org Using --with-wkd-hash parameter, we can see that
> > this
> > would generate nq6t9teux7edsnwdksswydu4o9i5es3f@gnupg.org
> >
> > Then, the key of Werner lives at
> > https://openpgpkey.gnupg.org/.well-known/openpgpkey/gnupg.org/hu/nq6t9teux7edsnwdksswydu4o9i5es3f
> >
> > If openpgpkey.gnupg.org didn't exist, then it would use the direct
> > schema, in which the key would be at
> > https://gnupg.org/.well-known/openpgpkey/hu/nq6t9teux7edsnwdksswydu4o9i5es3f
>
> Thanks, so I think the culprit could be that maybe the specs were
> changed, when I
> look at your links, including the gnupg.org domain as a folder, which
> I never set-up
> when doing this for my 300baud.de domain. I checked also older WKD
> tutorials
> on the Internet and they do not mention a domain folder either.
>
> I tried to include this domain folder, this morning, named sac001 but
> it did not work either, whether with GnuPG or sequioa-pgp.
>
> So my guess is that GnuPG gives this cert error because it does not
> support
> wildcard subdomains, included in an SSL cert, like the GitHub one.


The folder with the domain name is only used in the advanced method.
Compare how the url using openpgpkey.gnupg.org above has a gnupg.org
folder but the url of gnupg.org doesn't.


In your case, you would place your key at

https://openpgpkey.300baud.de/.well-known/openpgpkey/300baud.de/hu/ywwzopgqx5kmisb8r18gq68h13jwdg33

or -if openpgpkey.300baud.de doesn't exist- at

https://300baud.de/.well-known/openpgpkey/hu/ywwzopgqx5kmisb8r18gq68h13jwdg33

note that in both cases, you still need a file named policy in the same
folder that contains hu/ (just create an empty file, but it must be
there)


The advanced method was added in November 2018, 2.5 years ago, in
version 7 of the draft:
https://www.ietf.org/rfcdiff?url1=draft-koch-openpgp-webkey-service-06&url2=draft-koch-openpgp-webkey-service-07&difftype=--html


It's true that draft-koch-openpgp-webkey-service doesn't specify that
the https certificate must be valid. One would generally expect that
https:// with no, normal rules would apply, although there is a history
of ignoring certificate validation if keys are going to be validated
through WoT. The "make a CNAME of your openpgpkeys subdomain to
wkd.keys.openpgp.org" couldn't work with https certificate validation,
thouth (or are they requesting a certificate on-the-fly?)
Actually, I suspect that depending on how you build gnupg, it would
validate them or not.

Best regards


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Mon, Jan 11, 2021 at 11:03 PM Ángel <angel@pgp.16bits.net> wrote:
>
> On 2021-01-11 at 16:36 +0100, Stefan Claas wrote:
> > On Sun, Jan 10, 2021 at 11:22 PM Ángel wrote:
> > > On 2021-01-10 at 18:47 +0100, Stefan Claas wrote:
> > > > Can you tell me/us in laymen terms how this works with gnupg.org?
> > >
> > > Sure. Let's suppose you wanted to fetch Werner's key. You want the
> > > key
> > > for wk@gnupg.org Using --with-wkd-hash parameter, we can see that
> > > this
> > > would generate nq6t9teux7edsnwdksswydu4o9i5es3f@gnupg.org
> > >
> > > Then, the key of Werner lives at
> > > https://openpgpkey.gnupg.org/.well-known/openpgpkey/gnupg.org/hu/nq6t9teux7edsnwdksswydu4o9i5es3f
> > >
> > > If openpgpkey.gnupg.org didn't exist, then it would use the direct
> > > schema, in which the key would be at
> > > https://gnupg.org/.well-known/openpgpkey/hu/nq6t9teux7edsnwdksswydu4o9i5es3f
> >
> > Thanks, so I think the culprit could be that maybe the specs were
> > changed, when I
> > look at your links, including the gnupg.org domain as a folder, which
> > I never set-up
> > when doing this for my 300baud.de domain. I checked also older WKD
> > tutorials
> > on the Internet and they do not mention a domain folder either.
> >
> > I tried to include this domain folder, this morning, named sac001 but
> > it did not work either, whether with GnuPG or sequioa-pgp.
> >
> > So my guess is that GnuPG gives this cert error because it does not
> > support
> > wildcard subdomains, included in an SSL cert, like the GitHub one.
>
>
> The folder with the domain name is only used in the advanced method.
> Compare how the url using openpgpkey.gnupg.org above has a gnupg.org
> folder but the url of gnupg.org doesn't.

Yes, I have checked that. Noteworthy IMHO, regarding wildcard subdomains,
gnupg.org does not have such entry in the DNS section, of the cert.

> In your case, you would place your key at
>
> https://openpgpkey.300baud.de/.well-known/openpgpkey/300baud.de/hu/ywwzopgqx5kmisb8r18gq68h13jwdg33
>
> or -if openpgpkey.300baud.de doesn't exist- at
>
> https://300baud.de/.well-known/openpgpkey/hu/ywwzopgqx5kmisb8r18gq68h13jwdg33
>
> note that in both cases, you still need a file named policy in the same
> folder that contains hu/ (just create an empty file, but it must be
> there)

When I had that in the past, for 300baud.de I had that included,
it was an emtpy one.

> The advanced method was added in November 2018, 2.5 years ago, in
> version 7 of the draft:
> https://www.ietf.org/rfcdiff?url1=draft-koch-openpgp-webkey-service-06&url2=draft-koch-openpgp-webkey-service-07&difftype=--html

It would be nice to know why the advanced method was added. In case
the direct method would not be sufficent or would have security issues
I would think that than one replaces the direct method with advanced
one and then we only need only one method, in order that this works.
And if we must have two methods, why is the order not, like one would
think: check direct first and if this does not work check advanced?
I must admit I do not understand the programming logic.

> It's true that draft-koch-openpgp-webkey-service doesn't specify that
> the https certificate must be valid. One would generally expect that
> https:// with no, normal rules would apply, although there is a history
> of ignoring certificate validation if keys are going to be validated
> through WoT. The "make a CNAME of your openpgpkeys subdomain to
> wkd.keys.openpgp.org" couldn't work with https certificate validation,
> thouth (or are they requesting a certificate on-the-fly?)
> Actually, I suspect that depending on how you build gnupg, it would
> validate them or not.

It should be noted that my findings and proposal for wildcard subdomains
would allow organizations and individuals to reduce costs, when using
purchased SSL certs, instead of Let's Encrypt ones. Not only this but
if this would work, like I mentioned in my bund.de example, organizations
would have the freedom to choose WKD instead of hockeypuck or Hagrid,
and they would have a compatible *inhouse* solution, via simple
Web management, instead of running a server software, like hokeypuck
or Hagrid. And In my example, with GitHub, I guess it would be fantastic
too, to promote WKD GnuPG/sequoia-pgp usage for individuals,
low on budged while not extra running an own server and purchasing
a domain.

Best regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Tue, Jan 12, 2021 at 09:25:15AM +0100, Stefan Claas via Gnupg-users
wrote:
>It would be nice to know why the advanced method was added.

To give more flexibility for people setting up a WKD for more than one
domain.

Let’s say that I manage example.org and example.net, and I want to serve
keys for addresses in both domains. With the “direct” method, I need to
set up two distinct WKD servers, one for each domain. With the
“advanced” method, I can set up a single server and make
openpgpkey.example.org and openpgpkey.example.net point to that single
server.

(SRV records would be the modern and proper way to provide such a level
of indirection, instead of a subdomain. And indeed, previous versions of
the WKD draft relied on SRV records. Unfortunately, resolving SRV
records was problematic for some implementers using some limited
languages with limited DNS capabilities, so they were scrapped in favor
of the subdomain approach.)


>the direct method would not be sufficent or would have security issues
>I would think that than one replaces the direct method with advanced
>one and then we only need only one method, in order that this works.

If you have only one domain to manage and don’t need the indirection
provided by the advanced method, the direct method is still perfectly
fine, why replace it?

>And if we must have two methods, why is the order not, like one would
>think: check direct first and if this does not work check advanced?

I don’t know, it feels more logical to me to look for an indirection
*first*, and only if there’s no indirection you then look at the target
domain itself.


- Damien

On 12/01/2021 09.25, Stefan Claas via Gnupg-users wrote:
> It would be nice to know why the advanced method was added. In case
> the direct method would not be sufficent or would have security issues
> I would think that than one replaces the direct method with advanced
> one and then we only need only one method, in order that this works.

A domain is not automatically tied to a webserver. It might so far only
be used for e-mail and just to set up WKD, one might not want to run a
webserver under the second-level domain itself. Therefore the
standardized "openpgpkey" subdomain, which can easily point to a
different IP. That makes it easy to completely separate the
infrastructure needed for WKD from anything else, like a webserver for a
web page, webmail or other services.

In addition, that separate server might serve WKD keys for a bunch of
different domains through redirects, hence it makes sense to separate
the URLs per domain. It just gives the admin additional flexibility by
not forcing them to make a certain URL under the main domain work.

> And if we must have two methods, why is the order not, like one would
> think: check direct first and if this does not work check advanced?
> I must admit I do not understand the programming logic.

That's easy: If openpgpkey.example.org exists, we can be certain that
example.org exists as well. So the check for the openpgpkey subdomain
must come first if its mere existence decides which method is tried.
Otherwise you would get HTTPS connections for every WKD request on the
example.org server, which fail if the direct method is not supported.
Just to make another HTTPS connection to openpgpkey.example.org to try
the advanced method next. That's a lot of overhead on both the client
and server side, compared to the two DNS queries you need to make either
way.

Hope that helps.
André

--
Greetings...
From: André Colomb <andre@colomb.de>

On 12/01/2021 08:25, Stefan Claas via Gnupg-users wrote:

> if this would work, like I mentioned in my bund.de example, organizations
> would have the freedom to choose WKD instead of hockeypuck or Hagrid,
> and they would have a compatible*inhouse* solution, via simple
> Web management, instead of running a server software, like hokeypuck
> or Hagrid.

WKD is used to publish your own keys, or keys belonging to users in your
own domain. A keyserver is for publishing arbitrary other people's keys.
It has never been necessary for a business to run its own keyserver in
order to use PGP.

--
Andrew Gallagher

On Tue, Jan 12, 2021 at 11:49 AM Andrew Gallagher <andrewg@andrewg.com> wrote:
>
> On 12/01/2021 08:25, Stefan Claas via Gnupg-users wrote:
>
> > if this would work, like I mentioned in my bund.de example, organizations
> > would have the freedom to choose WKD instead of hockeypuck or Hagrid,
> > and they would have a compatible*inhouse* solution, via simple
> > Web management, instead of running a server software, like hokeypuck
> > or Hagrid.
>
> WKD is used to publish your own keys, or keys belonging to users in your
> own domain. A keyserver is for publishing arbitrary other people's keys.
> It has never been necessary for a business to run its own keyserver in
> order to use PGP.

Let me say first thank you to Damien and Andre, because I want to make it
short and therefore sorry for not replying to your messages.

Your are right, but we all know what happened to the SKS Network and
we know also that Hagrid is perfectly fine for privacy and once a hockeypuck
Network is in operation users will appreciate it too.

The point for me is WKD exists and can be used as an cheap inhouse
solution, for families or organizations, if it would allow cost effective
wildcard subdomain support for SSL certs, which IMHO can not hurt
and if the direct method would be triggered first.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 12/01/2021 11:27, Stefan Claas wrote:
> The point for me is WKD exists and can be used as an cheap inhouse
> solution, for families or organizations, if it would allow cost effective
> wildcard subdomain support for SSL certs, which IMHO can not hurt
> and if the direct method would be triggered first.

Yes, WKD is great. But as André has explained, there is an overhead cost
(to everyone) for trying the direct method first, so inverting this to
work around the side effects of an experiment that's tied to one
particular vendor's service is a *huge* ask.

--
Andrew Gallagher

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Tue, Jan 12, 2021 at 12:43 PM Andrew Gallagher <andrewg@andrewg.com> wrote:
>
> On 12/01/2021 11:27, Stefan Claas wrote:
> > The point for me is WKD exists and can be used as an cheap inhouse
> > solution, for families or organizations, if it would allow cost effective
> > wildcard subdomain support for SSL certs, which IMHO can not hurt
> > and if the direct method would be triggered first.
>
> Yes, WKD is great. But as André has explained, there is an overhead cost
> (to everyone) for trying the direct method first, so inverting this to
> work around the side effects of an experiment that's tied to one
> particular vendor's service is a *huge* ask.

Well, I am not sure about the details for a server or a user when it comes
to overhead and if you mean with one particular vendow GitHub, well
that may be the beginning, for such request. But like I mentioned if people
would wish to manage key distribution themselves, without using third
parties, like Hagrid or hokeypuck or even running such software and
servers I strongly believe that WKD could be an excellent choice, if
this would be fixed.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Tue, Jan 12, 2021 at 12:47 PM Stefan Claas
<spam.trap.mailing.lists@gmail.com> wrote:

> Well, I am not sure about the details for a server or a user when it comes
> to overhead and if you mean with one particular vendow GitHub, well
> that may be the beginning, for such request. But like I mentioned if people
> would wish to manage key distribution themselves, without using third
> parties, like Hagrid or hokeypuck or even running such software and
> servers I strongly believe that WKD could be an excellent choice, if
> this would be fixed.

And for the fun factor I could put also an .ots file from my pub key into
the hu directory,thus making Mallory a bit angry ... :-D

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Tue, Jan 12, 2021 at 1:04 PM Stefan Claas
<spam.trap.mailing.lists@gmail.com> wrote:
>
> On Tue, Jan 12, 2021 at 12:47 PM Stefan Claas
> <spam.trap.mailing.lists@gmail.com> wrote:

> And for the fun factor I could put also an .ots file from my pub key into
> the hu directory,thus making Mallory a bit angry ... :-D

Unfortunaly I am no skilled Golang programmer, otherwise I would write
a WKD key fetch utility, which works like sequoia-pgp, e.g fechting the
binary key blob and displaying the results to stdout and additionally
fetching the younamit.ots file and the policy file, while storing those
in the current workin directory and where the policy file would contain
the fingerprint of my key.

Thus an OpenPGP users could use the direct method, like sequoia-pgp
does, had my pub key and the policy file and .oth file which he can use with
time stamping services.

And it would not break WKD specs.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Tue, Jan 12, 2021 at 2:22 PM Stefan Claas
<spam.trap.mailing.lists@gmail.com> wrote:
>
> On Tue, Jan 12, 2021 at 1:04 PM Stefan Claas
> <spam.trap.mailing.lists@gmail.com> wrote:
> >
> > On Tue, Jan 12, 2021 at 12:47 PM Stefan Claas
> > <spam.trap.mailing.lists@gmail.com> wrote:
>
> > And for the fun factor I could put also an .ots file from my pub key into
> > the hu directory,thus making Mallory a bit angry ... :-D
>
> Unfortunaly I am no skilled Golang programmer, otherwise I would write
> a WKD key fetch utility, which works like sequoia-pgp, e.g fechting the
> binary key blob and displaying the results to stdout and additionally
> fetching the younamit.ots file and the policy file, while storing those
> in the current workin directory and where the policy file would contain
> the fingerprint of my key.
>
> Thus an OpenPGP users could use the direct method, like sequoia-pgp
> does, had my pub key and the policy file and .oth file which he can use with
> time stamping services.
>
> And it would not break WKD specs.

Edit: the policy file would be timestamped, because it can be pasted
as ASCII file into timestamping web services and would then fulfill a job,
whic I have not yet seen otherwise.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Dienstag, 12. Januar 2021 12:47:59 CET Stefan Claas via Gnupg-users wrote:
> On Tue, Jan 12, 2021 at 12:43 PM Andrew Gallagher <andrewg@andrewg.com>
wrote:
> > Yes, WKD is great. But as Andr? has explained, there is an overhead cost
> > (to everyone) for trying the direct method first, so inverting this to
> > work around the side effects of an experiment that's tied to one
> > particular vendor's service is a *huge* ask.
>
> Well, I am not sure about the details for a server or a user when it comes
> to overhead and if you mean with one particular vendow GitHub, well
> that may be the beginning, for such request. But like I mentioned if people
> would wish to manage key distribution themselves, without using third
> parties, like Hagrid or hokeypuck or even running such software and
> servers I strongly believe that WKD could be an excellent choice, if
> this would be fixed.

Why do you think anything needs to be changed in gpg? The problem isn't the
implementation of WKD in gpg. The problem is that GitHub serves sub-sub-
subdomains like openpgpkey.sac001.github.io with an invalid TLS certificate.

It's not only gpg that complains.

===
$ curl https://openpgpkey.sac001.github.io
curl: (60) SSL: no alternative certificate subject name matches target host
name 'openpgpkey.sac001.github.io'
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
===

It's easy for people to manage key distribution themselves with WKD. All they
have to do is setup WKD with or without openpgpkey subdomain with valid (!!!)
TLS certificates.

Regards,
Ingo

On Tue, Jan 12, 2021 at 5:36 PM Ingo Klöcker <kloecker@kde.org> wrote:
>
> On Dienstag, 12. Januar 2021 12:47:59 CET Stefan Claas via Gnupg-users wrote:
> > On Tue, Jan 12, 2021 at 12:43 PM Andrew Gallagher <andrewg@andrewg.com>
> wrote:
> > > Yes, WKD is great. But as André has explained, there is an overhead cost
> > > (to everyone) for trying the direct method first, so inverting this to
> > > work around the side effects of an experiment that's tied to one
> > > particular vendor's service is a *huge* ask.
> >
> > Well, I am not sure about the details for a server or a user when it comes
> > to overhead and if you mean with one particular vendow GitHub, well
> > that may be the beginning, for such request. But like I mentioned if people
> > would wish to manage key distribution themselves, without using third
> > parties, like Hagrid or hokeypuck or even running such software and
> > servers I strongly believe that WKD could be an excellent choice, if
> > this would be fixed.
>
> Why do you think anything needs to be changed in gpg? The problem isn't the
> implementation of WKD in gpg. The problem is that GitHub serves sub-sub-
> subdomains like openpgpkey.sac001.github.io with an invalid TLS certificate.
>
> It's not only gpg that complains.
>
> ===
> $ curl https://openpgpkey.sac001.github.io
> curl: (60) SSL: no alternative certificate subject name matches target host
> name 'openpgpkey.sac001.github.io'
> More details here: https://curl.se/docs/sslcerts.html
>
> curl failed to verify the legitimacy of the server and therefore could not
> establish a secure connection to it. To learn more about this situation and
> how to fix it, please visit the web page mentioned above.
> ===
>
> It's easy for people to manage key distribution themselves with WKD. All they
> have to do is setup WKD with or without openpgpkey subdomain with valid (!!!)
> TLS certificates.

Hello Ingo,

please ... openpgpkey is *not* a part of a real (sub)domain, which a
user of any domain service has to define in a record.

Please accept also that a modern OpenPGP software like sequoia-pgp
can handle this *adequately* with the direct method first!

Additionally I have received from GitHub a very nice reply, which I and
I guess all will accept here!

Quote: "... however I don't believe GitHub is in a position to try and persuade
a software author to change or fix their software."

So the last thing besides here discussing the issue with the community is
to file a bug report at: https://dev.gnupg.org/

At least the global OpenPGP community is now aware of my proposal
and I repeat here once again: GitHub (which I am not affiliated with in
any form) has a *proper* SSL cert and github.io pages are properly
working subdomain sites, wiich GnuPG's and gpg4win's WKD implementation
can not handle, while modern OpenPGP implementations like
sequoia-pgp can handle this. BTW. I am also not affiliated in any form with
sequoia or the pep foundation etc.

Best regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Hi Stefan,

maybe I'm not the only one here who doesn't fully follow what your
"proposal" actually is. For me, it sounds like you are misunderstanding
some things and therefore think you are making a superior proposal where
it is actually based on wrong assumptions.

On 12/01/2021 18.05, Stefan Claas via Gnupg-users wrote:
> please ... openpgpkey is *not* a part of a real (sub)domain, which a
> user of any domain service has to define in a record.

I do not understand this statement at all. Could you please elaborate?

> Please accept also that a modern OpenPGP software like sequoia-pgp
> can handle this *adequately* with the direct method first!

It seems adequate for *you*, but as I explained it would put a burden on
both the client and the involved webservers to handle it that way. In
case the advanced method is available, and the direct method is not,
testing for the direct method first is not a cheap operation.

It has also been pointed out repeatedly in this thread that Sequoia
apparently does not properly check the TLS certificate, which you have
proven with your example setup. That could be called "modern" or
"insecure". It has nothing to do with the ordering of the two methods.

> Additionally I have received from GitHub a very nice reply, which I and
> I guess all will accept here!
>
> Quote: "... however I don't believe GitHub is in a position to try and persuade
> a software author to change or fix their software."

I agree they shouldn't try that. Your question to them probably hinted
at something being the problem which is not in their control. While
actually the real problem is something else which they could control on
their side (see below).

> At least the global OpenPGP community is now aware of my proposal
> and I repeat here once again: GitHub (which I am not affiliated with in
> any form) has a *proper* SSL cert and github.io pages are properly
> working subdomain sites, wiich GnuPG's and gpg4win's WKD implementation

This is plain wrong, as Ingo has pointed out. But let me explain to you
why I think so.

The certificate is issued for *.github.io. So it is valid for anything
like example.github.io, openpgpkey.github.io, whatever.github.io. But
it is NOT VALID for any deeper level of subdomain, like
foo.bar.github.io or openpgpkey.example.github.io. That's just how TLS
certificate validity is defined.

However, GitHub apparently still presents that certificate when making
an HTTPS connection to the deeper subdomains, e.g.
openpgpkey.example.github.io. For this connection, the certificate is
definitely NOT VALID, as curl or gnupg do point out. Sequoia seems to
apply different rules for the hostname check, so it seems to "just work"
for you. In fact, it should only accept a certificate for
openpgpkey.example.github.io or *.example.github.io.

So there are two "bugs" involved here. 1. GitHub presenting an invalid
certificate for the sub-subdomain and 2. Sequoia not noticing that.
Neither of these are bugs in GnuPG. If you can accept these facts, then
it makes sense to further discuss what could be changed where to make
your desired setup work. Maybe that discussion will lead to a concise
change proposal.

One more question: You're talking about OpenPGP key discovery setups for
families and small groups, IIUC. And that should involve WKD and
GitHub. But how should these people actually get working e-mail
addresses @example.github.io? WKD very specifically ties the key
discovery to the control over the involved domain. It moves part of the
trust relationship to the domain administrator. So who is actually in
control over those e-mail addresses?

I hope this mail will not upset you. Just trying to clarify what you
might have misunderstood that leads to people not understanding or
agreeing with your proposal. I don't mind to be proven wrong if it was
in fact my misunderstanding.

Kind regards
André

--
Greetings...
From: André Colomb <andre@colomb.de>

On Tue, Jan 12, 2021 at 8:17 PM André Colomb <andre@colomb.de> wrote:
>
> Hi Stefan,

> So there are two "bugs" involved here. 1. GitHub presenting an invalid
> certificate for the sub-subdomain and 2. Sequoia not noticing that.
> Neither of these are bugs in GnuPG. If you can accept these facts, then
> it makes sense to further discuss what could be changed where to make
> your desired setup work. Maybe that discussion will lead to a concise
> change proposal.

Hi Andre, currently I can only accept the fact that these two "bugs" are
currently not resolved in GnuPG and gpg4win, if you allow me to
formulate it this way. I desperately hope that this thread will lead to a
fruitful outcome, for GnuPG and gpg4win users, while I personally
could care less, because I just checked yesterday the latest sq
version and I am happy that it works.

> One more question: You're talking about OpenPGP key discovery setups for
> families and small groups, IIUC. And that should involve WKD and
> GitHub. But how should these people actually get working e-mail
> addresses @example.github.io? WKD very specifically ties the key
> discovery to the control over the involved domain. It moves part of the
> trust relationship to the domain administrator. So who is actually in
> control over those e-mail addresses?

Good question Andre! In case of github.io there is apprently no
email address, which is IMHO a good thing if people like to
set-up a github.io page and do not want to reveal their real
email address, to third parties, which is IMHO their good right,
in case they like to use this github.io pub key as multi-purpose
key, let's say for multiple email accounts, from other services,
file transfer, NFC postcards, you name it.

Let's say as an example for gnupg.org. If am not mistaken
dev.gnupg.org has a different cert as gnupg.org. Let's assume
also that gnupg.org would come up with the idea of running
keys.gnupg.org. I strongly believe that a (purchased) SSL
cert for gnupg.org, covering wildcard subdomains, like GitHub's
cert is neither wrong nor does it cause any security implications,
when the direct method is used.

Speaking of overhead, I must admit (again) I do not understand
what this is or what this can cause for a server maintainer or
a GnuPG or gpg4win user, when I for example can fetch my
pub key with sequoia real quick, because in binary form these
are only a couple of bytes and I strongly believe that a simple
directory structure, holding some files, on a web server has no
issues either.

> I hope this mail will not upset you. Just trying to clarify what you
> might have misunderstood that leads to people not understanding or
> agreeing with your proposal. I don't mind to be proven wrong if it was
> in fact my misunderstanding.

Of course not and I appreciate if this issue can be discussed further!

Best regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 12/01/2021 20:40, Stefan Claas via Gnupg-users wrote:
> On Tue, Jan 12, 2021 at 8:17 PM André Colomb <andre@colomb.de> wrote:

>> One more question: You're talking about OpenPGP key discovery setups for
>> families and small groups, IIUC. And that should involve WKD and
>> GitHub. But how should these people actually get working e-mail
>> addresses @example.github.io? WKD very specifically ties the key
>> discovery to the control over the involved domain. It moves part of the
>> trust relationship to the domain administrator. So who is actually in
>> control over those e-mail addresses?
>
> Good question Andre! In case of github.io there is apprently no
> email address, which is IMHO a good thing if people like to
> set-up a github.io page and do not want to reveal their real
> email address, to third parties, which is IMHO their good right,
> in case they like to use this github.io pub key as multi-purpose
> key, let's say for multiple email accounts, from other services,
> file transfer, NFC postcards, you name it.

The point of WKD is using the trust of the CA machinery (and the
assumption that the email infrastructure and web servers serving a
specific domain are run by the same organization) to securely retrieve
OpenPGP keys associated to an email address. There keys can then be used
to communicate with the older of the email address.

The party in the communication are identified by email addresses.

In your scheme there are no email addresses. How is retrieving an
OpenPGP key from a random .github.io subdomain from obtaining it in any
other untrusted way? What is the line of trust in the scheme you are
proposing?

Cheers,
Dan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 12/01/2021 20:40, Stefan Claas via Gnupg-users wrote:
> On Tue, Jan 12, 2021 at 8:17 PM André Colomb <andre@colomb.de> wrote:
>>
>> Hi Stefan,
>
>> So there are two "bugs" involved here. 1. GitHub presenting an invalid
>> certificate for the sub-subdomain and 2. Sequoia not noticing that.
>> Neither of these are bugs in GnuPG. If you can accept these facts, then
>> it makes sense to further discuss what could be changed where to make
>> your desired setup work. Maybe that discussion will lead to a concise
>> change proposal.
>
> Hi Andre, currently I can only accept the fact that these two "bugs" are
> currently not resolved in GnuPG and gpg4win, if you allow me to
> formulate it this way.

How can GPG solve bugs that are not in the GPG code or infrastructure? I
think André did a great job explaining what the issues are. How do you
think they can be addressed by GPG?

Cheers,
Dan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

> On 12 Jan 2021, at 19:44, Stefan Claas via Gnupg-users <gnupg-users@gnupg.org> wrote:
>
> Hi Andre, currently I can only accept the fact that these two "bugs" are
> currently not resolved in GnuPG and gpg4win, if you allow me to
> formulate it this way.

You should not formulate it this way. If the bugs are not in gnupg, they cannot be resolved in gnupg.

A
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Tue, Jan 12, 2021 at 9:43 PM Andrew Gallagher <andrewg@andrewg.com> wrote:
>
>
> > On 12 Jan 2021, at 19:44, Stefan Claas via Gnupg-users <gnupg-users@gnupg.org> wrote:
> >
> > Hi Andre, currently I can only accept the fact that these two "bugs" are
> > currently not resolved in GnuPG and gpg4win, if you allow me to
> > formulate it this way.
>
> You should not formulate it this way. If the bugs are not in gnupg, they cannot be resolved in gnupg.

Ok, than I should formulate it as feature request, for GnuPG and gpg4win.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Tue, Jan 12, 2021 at 10:09 PM Daniele Nicolodi <daniele@grinta.net> wrote:
>
> On 12/01/2021 20:40, Stefan Claas via Gnupg-users wrote:
> > On Tue, Jan 12, 2021 at 8:17 PM André Colomb <andre@colomb.de> wrote:
> >>
> >> Hi Stefan,
> >
> >> So there are two "bugs" involved here. 1. GitHub presenting an invalid
> >> certificate for the sub-subdomain and 2. Sequoia not noticing that.
> >> Neither of these are bugs in GnuPG. If you can accept these facts, then
> >> it makes sense to further discuss what could be changed where to make
> >> your desired setup work. Maybe that discussion will lead to a concise
> >> change proposal.
> >
> > Hi Andre, currently I can only accept the fact that these two "bugs" are
> > currently not resolved in GnuPG and gpg4win, if you allow me to
> > formulate it this way.
>
> How can GPG solve bugs that are not in the GPG code or infrastructure? I
> think André did a great job explaining what the issues are. How do you
> think they can be addressed by GPG?

If you followed the whole thread you may agree that GnuPG and gpg4win,
due to the way of how WKD is implemented does not allow wildcard (sub)domains,
when fetching a pub key from, for example, github.io pages, because it gives
a cert error for a *valid* SSL cert, while other OpenPGP software,
like sequoia-pgp,
can handle this.

I suggest that you or any other persons ask this question Werner, the author
of GnuPG and IIRC the wkd-draft author or you ask the sequoia
team how they implemented WKD, because sq.exe does it's job.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Tue, Jan 12, 2021 at 10:17:13PM +0100, Stefan wrote in
<CAC6FiZ4okkkjsZWG5N7MmnZL=twait-geP8VBJA8ai49vza1+g@mail.gmail.com>:
>> How can GPG solve bugs that are not in the GPG code or infrastructure? I
>> think Andr? did a great job explaining what the issues are. How do you
>> think they can be addressed by GPG?
>
>If you followed the whole thread you may agree that GnuPG and gpg4win,
>due to the way of how WKD is implemented does not allow wildcard (sub)domains,
>when fetching a pub key from, for example, github.io pages, because it gives
>a cert error for a *valid* SSL cert, while other OpenPGP software,
>like sequoia-pgp,
>can handle this.
>
>I suggest that you or any other persons ask this question Werner, the author
>of GnuPG and IIRC the wkd-draft author or you ask the sequoia
>team how they implemented WKD, because sq.exe does it's job.

Firefox gives an error on the URL https://openpgpkey.sac001.github.io/ :

Websites prove their identity via certificates. Firefox does not trust this site
because it uses a certificate that is not valid for openpgpkey.sac001.github.io.
The certificate is only valid for the following names: www.github.com,
*.github.com, github.com, *.github.io, github.io, *.githubusercontent.com,
githubusercontent.com

I don't see the valid SSL certificate you keep on insisting is there.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 12/01/2021 20.40, Stefan Claas wrote:
>> So there are two "bugs" involved here. 1. GitHub presenting an invalid
>> certificate for the sub-subdomain and 2. Sequoia not noticing that.
>> Neither of these are bugs in GnuPG. If you can accept these facts, then
>> it makes sense to further discuss what could be changed where to make
>> your desired setup work. Maybe that discussion will lead to a concise
>> change proposal.
>
> Hi Andre, currently I can only accept the fact that these two "bugs" are
> currently not resolved in GnuPG and gpg4win, if you allow me to
> formulate it this way. I desperately hope that this thread will lead to a

I (and others) understand the word "bug" as in "software not working
according to its specification". The specification is the WKD Internet
Draft as well as some RFCs about TLS certificate rules. Bugs in Sequoia
or GitHub's DNS configuration can therefore not be resolved in a
different software, namely GnuPG. Not sure what you mean by "resolve"
otherwise. Ignoring security rules would be a workaround, and a
terrible one as well.

Regarding the "misconfiguration" of GitHub's DNS and HTTPS, I noticed
Werner has actually added a corresponding paragraph to the WKD draft in
May 2019 (version 08):

Sites which do not use the advanced method but employ wildcard DNS
for their sub-domains MUST make sure that the "openpgpkey" sub-domain
is not subject to the wildcarding. This can be done by inserting an
empty TXT RR for this sub-domain.

Of course that only applies for someone striving for WKD conformance,
which the github.io domain has absolutely no business with. Therefore
they don't take this extra measure to suppress a failed attempt with the
WKD advanced method.

> Good question Andre! In case of github.io there is apprently no
> email address, which is IMHO a good thing if people like to
> set-up a github.io page and do not want to reveal their real
> email address, to third parties, which is IMHO their good right,
> in case they like to use this github.io pub key as multi-purpose
> key, let's say for multiple email accounts, from other services,
> file transfer, NFC postcards, you name it.

Okay, so you're using a protocol (WKD) that was purpose-designed with
e-mail in mind, but your user IDs don't work as e-mail addresses.
Despite looking exactly alike. That in itself might confuse people
(like me) using those keys. However WKD itself is not strictly tied to
e-mail, in contrast to WKS (the related Web Key Service protocol).

> Let's say as an example for gnupg.org. If am not mistaken
> dev.gnupg.org has a different cert as gnupg.org. Let's assume
> also that gnupg.org would come up with the idea of running
> keys.gnupg.org. I strongly believe that a (purchased) SSL
> cert for gnupg.org, covering wildcard subdomains, like GitHub's
> cert is neither wrong nor does it cause any security implications,
> when the direct method is used.

You need to distinguish at which level the wildcard is found. A TLS
certificate for *.gnupg.org would be perfectly fine, and even if
dev.gnupg.org uses its own even though it would be covered by the
wildcard. A fictional openpgpkey.gnupg.org server could present the
wildcard cert, just as GitHub does it. But for an
openpgpkey.dev.gnupg.org server, that would be invalid. Again, a
certificate for *.dev.gnupg.org could be used there.

There's two sides to the validity: DNS and TLS. Going back to the
GitHub example for continuity. The DNS server resolves
example.github.io to some IP address. It also resolves any
sub-subdomain like openpgpkey.example.github.io to a (probably the same)
IP address. The web server at that address presents a TLS certificate
which is issued for *.github.io. It would need to present a different
certificate for *.example.github.io in order to make a valid TLS
authenticated connection. I don't think there is something like a
*.*.github.io entry they could include in their certificate that would
cover all sub- and sub-sub-domains at once. So the HTTPS connection to
openpgpkey.example.github.io "works" on the DNS level, but has NO VALID
TLS set up, which is the "bug" / error on their side.

> Speaking of overhead, I must admit (again) I do not understand
> what this is or what this can cause for a server maintainer or
> a GnuPG or gpg4win user, when I for example can fetch my
> pub key with sequoia real quick, because in binary form these
> are only a couple of bytes and I strongly believe that a simple
> directory structure, holding some files, on a web server has no
> issues either.

I'll try to explain what happens during a WKD lookup attempt in your
preferred order, in hopefully simple terms (not 100 % technically correct).

1. The client queries DNS for the github.io domain, gets back an NS
record (a name server for the github.io zone).
2. Client asks the returned DNS server about example.github.io, gets
back an IP address for the (web) server.
3. Client contacts the web server on port 443, initiating a TLS
handshake. Gets back a TLS certificate issued for *.github.io.
4. Client checks that the contacted DNS name is actually covered by that
certificate. (OK for example.github.io, not for deeper levels)
5. Client sends an HTTP request over the established TLS connection,
asking for the well-known URL's path component. The server answers "404
Not found" or similar.
6. Client decides that the simple method failed and goes back to step 2,
this time trying the openpgpkey.example.github.io DNS name. Step 5 will
succeed this time, returning the OpenPGP certificate and public key.

Now you need to know that the "handshake" part consists of several
back-and-forth data transfers, which is why surfing over satellite links
is awful and stuff like QUIC / HTTP/2 is being developed to try and
reduce these round trips. There are also many points where things can
go wrong, e.g. the web server simply not answering on port 443 because
it is really only an e-mail server and WKD is handled somewhere else
(where we get in the second round). That involves the connection
needing to time out first. So repeating steps 2 to 5 is what I mean
with "overhead", which may very well cause user-noticeable delays.

In contrast to that, *first* querying the sub-sub-domain
openpgpkey.example.github.io would ideally return NXDOMAIN and we can
switch immediately to trying the direct method. Less time and energy
wasted.

I say ideally, because on github.io specifically, that doesn't happen.
Which is fine in itself. But the WKD spec lets us interpret that as
"cool, the openpgpkey subdomain resolved, so let's use advanced method!"
If it now fails at a later step (TLS certificate validity in this case),
sane implementations rightfully report a misconfiguration and abort,
because it may just as well be an MITM attacker fooling with the TLS
certificate.

What could be done in the WKD spec and / or GnuPG is to fall back to the
simple method not only when the openpgpkey subdomain is unresolvable,
but also if any other error happens during the advanced method. I don't
see any obvious *security* implications in that. But providers like
GitHub would then go through two complete HTTPS connections before the
client notices "WKD just isn't set up properly there". The current WKD
draft tries to avoid that duplicated server load by aborting early based
on the DNS response.

What Sequoia could do is fix their TLS host name check (step 4 above) to
only match one level with a wildcard, slightly increasing security. But
that is their call and I'm not knowledgeable enough on official TLS
validity rules to point a finger. Just GnuPG and curl choking on your
example indicates that it might be the Right Thing to do.

What GitHub could do (easily) is follow the WKD recommendation and
specifically block any "openpgpkey" sub-subdomain from resolving. Just
in case someone is crazy enough (no offense Stefan :-) to try abusing
their free web page service for WKD.

Remember it is *their* domain even if they grant you free usage of a
subdomain. And WKD specifically delegates some trust to the *domain
owner*, so they have every right to not care about OpenPGP at all and
let WKD requests fail ungracefully. Even the right to serve an invalid
wildcard certificate for sub-subdomains (which is still bad though).

Sorry for the long read, but I hope it clarifies the situation.

Regards
André

--
Greetings...
From: André Colomb <andre@colomb.de>

On Tue, Jan 12, 2021 at 10:58 PM André Colomb <andre@colomb.de> wrote:

[...]

Andre, please appoligze that I snipped your reply and that I only
give a short reply, your explanations of server/client IO was
welcome.

In my OP I only asked for help from the community to set-up
WKD for GnuPG or gpg4win usage and I gave also in this
thread a couple of thoughts why WKD could be a very useful
addition to Hagrid and later hockerpuck.

I think I do undertsand the American Way Of Life quite a bit,
meaning that U.S. citizens are more open to privacy related
things with security software then maybe us old Sauerkrauts,
so to speak. Therefore I doubt that an IMHO very cool billion
dollar company like GitHub, according to the reply I got
from them, would see WKD usage as harm for their service,
when used by many people. I could be wrong of course (in
the future)

Even if there would be no github.io pages available I hope
that I showed here something interesting for the GnuPG
community.

Best regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Tue, Jan 12, 2021 at 11:02 PM Daniele Nicolodi <daniele@grinta.net> wrote:

> The point of WKD is using the trust of the CA machinery (and the
> assumption that the email infrastructure and web servers serving a
> specific domain are run by the same organization) to securely retrieve
> OpenPGP keys associated to an email address. There keys can then be used
> to communicate with the older of the email address.
>
> The party in the communication are identified by email addresses.
>
> In your scheme there are no email addresses. How is retrieving an
> OpenPGP key from a random .github.io subdomain from obtaining it in any
> other untrusted way? What is the line of trust in the scheme you are
> proposing?

Please let me clarify one thing (and I do not want to play or act like
a teacher, uknown to you or others)

Before PGP was invented by Mr. Zimmermann, public key cryptography
does not needed a Web of Trust, nor a public key which has to bear a
name or an email address! I for example use besides OpenPGP software
also public key crypto software based on Professor Bernstein's NaCl
library, with friends in the United States, Canada and Germany. This
public key is a 256bit key with not a single content of MetaData and
communicating with my friends is authenticated.

Public Key Cryptography does not mean, even If I place my publicty
available key on a site, that the whole world needs to know with whom
I communicate and from which channels. It is IMHO a misunderstanding
people make, new to public key cryptography, while only knowing popular
OpenPGP software. sequoia-pgp, in that respect, honors this old principle
and allows for exampla also users to create a key pair which does not
need a UID ant therefore can act, same as NaClbox the classic way of
public key cryptography.

The reason why I like also the option for, let's say github.io pages
is that, like I have shown in the whole thread that a very well known
site like GitHub, with it's millions of software developes allows one
to host, via WKD, a mutli-purpose usage public-key without revealing
to much details.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Tue, Jan 12, 2021 at 11:32 PM Remco R?nders <remco@webconquest.com> wrote:
>
> On Tue, Jan 12, 2021 at 10:17:13PM +0100, Stefan wrote in
> <CAC6FiZ4okkkjsZWG5N7MmnZL=twait-geP8VBJA8ai49vza1+g@mail.gmail.com>:
> >> How can GPG solve bugs that are not in the GPG code or infrastructure? I
> >> think André did a great job explaining what the issues are. How do you
> >> think they can be addressed by GPG?
> >
> >If you followed the whole thread you may agree that GnuPG and gpg4win,
> >due to the way of how WKD is implemented does not allow wildcard (sub)domains,
> >when fetching a pub key from, for example, github.io pages, because it gives
> >a cert error for a *valid* SSL cert, while other OpenPGP software,
> >like sequoia-pgp,
> >can handle this.
> >
> >I suggest that you or any other persons ask this question Werner, the author
> >of GnuPG and IIRC the wkd-draft author or you ask the sequoia
> >team how they implemented WKD, because sq.exe does it's job.
>
> Firefox gives an error on the URL https://openpgpkey.sac001.github.io/ :
>
> Websites prove their identity via certificates. Firefox does not trust this site
> because it uses a certificate that is not valid for openpgpkey.sac001.github.io.
> The certificate is only valid for the following names: www.github.com,
> *.github.com, github.com, *.github.io, github.io, *.githubusercontent.com,
> githubusercontent.com
>
> I don't see the valid SSL certificate you keep on insisting is there.

Hi, I suggest that you visit my https://sac001.github.io page and see what
it is all about. (BTW. I am also not affilated in any form with Brave ...)

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Hi Stefan,

On 12/01/2021 23.16, Stefan Claas wrote:
> Andre, please appoligze that I snipped your reply and that I only
> give a short reply, your explanations of server/client IO was
> welcome.

I'm happy if it helps keeping this discussion constructive and not
turning into a flame war :-)

> I think I do undertsand the American Way Of Life quite a bit,
> meaning that U.S. citizens are more open to privacy related
> things with security software then maybe us old Sauerkrauts,
> so to speak. Therefore I doubt that an IMHO very cool billion
> dollar company like GitHub, according to the reply I got
> from them, would see WKD usage as harm for their service,
> when used by many people. I could be wrong of course (in
> the future)

(Me too Sauerkraut...) But you're missing the point. GitHub has no
business whatsoever with e-mail. WKD is all about e-mail and you are
probably among the first to use it for something unrelated to e-mail.
So they don't give a Koffer about some e-mail-related protocol except
for maybe implementing it (hopefully sometime) for their own employees /
@github.com e-mail account users.

> Even if there would be no github.io pages available I hope
> that I showed here something interesting for the GnuPG
> community.

Interesting yes, to the community, yes. But not to the billion dollar
company whose offer has nothing to do with e-mail. Not interesting in
the sense of "we will invest time and money and risk breaking other
users' setups by changing something in our infrastructure" because of
some creative WKD use case.

By the way, there might be other free web hosting providers you could
use to serve a couple of bytes via HTTPS. It's very likely that they do
not have the same issues with wildcard domains and invalid TLS
certificates as github.io.

Kind regards
André

--
Greetings...
From: André Colomb <andre@colomb.de>

On Tue, Jan 12, 2021 at 11:46 PM André Colomb <andre@colomb.de> wrote:
>
> Hi Stefan,
>
> On 12/01/2021 23.16, Stefan Claas wrote:
> > Andre, please appoligze that I snipped your reply and that I only
> > give a short reply, your explanations of server/client IO was
> > welcome.
>
> I'm happy if it helps keeping this discussion constructive and not
> turning into a flame war :-)
>
> > I think I do undertsand the American Way Of Life quite a bit,
> > meaning that U.S. citizens are more open to privacy related
> > things with security software then maybe us old Sauerkrauts,
> > so to speak. Therefore I doubt that an IMHO very cool billion
> > dollar company like GitHub, according to the reply I got
> > from them, would see WKD usage as harm for their service,
> > when used by many people. I could be wrong of course (in
> > the future)
>
> (Me too Sauerkraut...) But you're missing the point. GitHub has no
> business whatsoever with e-mail. WKD is all about e-mail and you are
> probably among the first to use it for something unrelated to e-mail.
> So they don't give a Koffer about some e-mail-related protocol except
> for maybe implementing it (hopefully sometime) for their own employees /
> @github.com e-mail account users.

It does not need to have an email business.

> > Even if there would be no github.io pages available I hope
> > that I showed here something interesting for the GnuPG
> > community.
>
> Interesting yes, to the community, yes. But not to the billion dollar
> company whose offer has nothing to do with e-mail. Not interesting in
> the sense of "we will invest time and money and risk breaking other
> users' setups by changing something in our infrastructure" because of
> some creative WKD use case.
>
> By the way, there might be other free web hosting providers you could
> use to serve a couple of bytes via HTTPS. It's very likely that they do
> not have the same issues with wildcard domains and invalid TLS
> certificates as github.io.

Mmmh ... github.io or GitHub does *not* have issues with wildcard
domains ...

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 12/01/2021 23.33, Stefan Claas via Gnupg-users wrote:
> On Tue, Jan 12, 2021 at 11:32 PM Remco R?nders <remco@webconquest.com> wrote:
>> I don't see the valid SSL certificate you keep on insisting is there.

I totally agree with that. It's valid for the sac001 subdomain, but
INVALID for anything below that, which GitHub still happily (and
wrongfully) uses it for when asked though.

> Hi, I suggest that you visit my https://sac001.github.io page and see what
> it is all about. (BTW. I am also not affilated in any form with Brave ...)

Sorry, that didn't enlighten me at all. So what is it all about? What
does it have to do with timestamping?

On a side note: Your sac001 account carries your full name, same as used
on this mailing list. You are probably the only one using WKD in this
context on github.io. So whatever new account you create, people could
very soon find out who is behind that scheme :-) So, only anonymous in
theory.

Kind regards
André

--
Greetings...
From: André Colomb <andre@colomb.de>

On 12/01/2021 23.47, Stefan Claas wrote:
> Mmmh ... github.io or GitHub does *not* have issues with wildcard
> domains ...

Here we are back at you denying facts, or maybe just generalizing too
much. As several others have put it already:

When "browsing" to openpgpkey.sac001.github.io with whatever reasonable
HTTPS client, you are directed to an IP address. The web server at that
IP address presents a certificate for (among others) *.github.io. This
certificate is *invalid* for the originally entered domain name. No
matter how many times you deny it.

For sac001.github.io, the certificate is *valid*. Nobody ever
questioned that. But it doesn't mean the above is untrue.

Stay safe.
André

--
Greetings...
From: André Colomb <andre@colomb.de>

On Wed, Jan 13, 2021 at 12:00 AM André Colomb <andre@colomb.de> wrote:
>
> On 12/01/2021 23.47, Stefan Claas wrote:
> > Mmmh ... github.io or GitHub does *not* have issues with wildcard
> > domains ...
>
> Here we are back at you denying facts, or maybe just generalizing too
> much. As several others have put it already:
>
> When "browsing" to openpgpkey.sac001.github.io with whatever reasonable
> HTTPS client, you are directed to an IP address. The web server at that
> IP address presents a certificate for (among others) *.github.io. This
> certificate is *invalid* for the originally entered domain name. No
> matter how many times you deny it.
>
> For sac001.github.io, the certificate is *valid*. Nobody ever
> questioned that. But it doesn't mean the above is untrue.
>
> Stay safe.
> André

Why in the name of (whoever) does one need to browse a URL, with an openpgp
part, If my browser does not allow me (AFAIK) to see it's content in
that openpgp
folder, or why do I/we need that for fetching securely a pub.key, if
the direct method
works (with sequoia-pgp) and Wiktor's WKD checker gives a green light for direct
and IIRC you initally said direct for fetching is fine?

Ok, I must say good night know, because I must get up early today.

Stay safe too!

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 12/01/2021 22:17, Stefan Claas wrote:
> On Tue, Jan 12, 2021 at 10:09 PM Daniele Nicolodi <daniele@grinta.net> wrote:
>>
>> On 12/01/2021 20:40, Stefan Claas via Gnupg-users wrote:
>>> On Tue, Jan 12, 2021 at 8:17 PM André Colomb <andre@colomb.de> wrote:
>>>>
>>>> Hi Stefan,
>>>
>>>> So there are two "bugs" involved here. 1. GitHub presenting an invalid
>>>> certificate for the sub-subdomain and 2. Sequoia not noticing that.
>>>> Neither of these are bugs in GnuPG. If you can accept these facts, then
>>>> it makes sense to further discuss what could be changed where to make
>>>> your desired setup work. Maybe that discussion will lead to a concise
>>>> change proposal.
>>>
>>> Hi Andre, currently I can only accept the fact that these two "bugs" are
>>> currently not resolved in GnuPG and gpg4win, if you allow me to
>>> formulate it this way.
>>
>> How can GPG solve bugs that are not in the GPG code or infrastructure? I
>> think André did a great job explaining what the issues are. How do you
>> think they can be addressed by GPG?
>
> If you followed the whole thread you may agree that GnuPG and gpg4win,
> due to the way of how WKD is implemented does not allow wildcard (sub)domains,
> when fetching a pub key from, for example, github.io pages, because it gives
> a cert error for a *valid* SSL cert, while other OpenPGP software,
> like sequoia-pgp,
> can handle this.

It has been explained (several times now) that this is not the cases:
the certificates are invalid for sub-subdomains. Why are you insisting
that they are?

Cheers,
Dan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 12/01/2021 23:30, Stefan Claas wrote:
> The reason why I like also the option for, let's say github.io pages
> is that, like I have shown in the whole thread that a very well known
> site like GitHub, with it's millions of software developes allows one
> to host, via WKD, a mutli-purpose usage public-key without revealing
> to much details.

I still don't understand why you insist on WKD when it seems to do not
support your use case, nor to offer any advantage over a simpler

wget -O- https://sac001.github.io/foobar.asc | gpg --import

given that the relation between the identifiers
"stefan@sac001.github.io" or "https://sac001.github.io/foobar.asc" and
the key you are retrieving is the same, ie none.

Cheers,
Dan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Hi Andre,

On Tue, 12 Jan 2021 20:13:42 +0100,
Andr? Colomb wrote:
> It has also been pointed out repeatedly in this thread that Sequoia
> apparently does not properly check the TLS certificate, which you have
> proven with your example setup. That could be called "modern" or
> "insecure". It has nothing to do with the ordering of the two methods.

I'd like to clarify what Sequoia is doing (wrong).

As per the I-D, sq first tries the advanced method. If that fails for
any reason, it falls back to the direct method. You can see the three
relevant lines of code here:

https://gitlab.com/sequoia-pgp/sequoia/-/blob/c80d2ab0/net/src/wkd.rs#L288

If I remove the "or_else", which falls back to the direct method, then
sq shows the following error when fetching stefan@sac001.github.io:

$ sq wkd get stefan@sac001.github.io
Error: error trying to connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1915: (Hostname mismatch)

Caused by:
0: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1915: (Hostname mismatch)
1: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1915:

So, the hostname mismatch is correctly identified, and it correctly
returns an error.

Where sq's behavior diverges from gpg's is that sq then tries the
direct method, but gpg does not.

The latest WKD I-D says:

3.1. Key Discovery

There are two variants on how to form the request URI: The advanced
and the direct method. Implementations MUST first try the advanced
method. Only if the required sub-domain does not exist, they SHOULD
fall back to the direct method.

https://tools.ietf.org/html/draft-koch-openpgp-webkey-service-11

(FWIW, this was added to revision 7, which was published in
Nov. 2018.)

The I-D says "Only if the required sub-domain does not exist, they
SHOULD fall back to the direct method." The text doesn't say: "If
there is an error, they SHOULD fallback to the direct method unless
the required sub-domain does not exist, in which case they MUST NOT
fall back to the direct method." So, strictly speaking, I don't think
Sequoia is violating the specification.

But, I don't want to be overly pedantic. Even if the spec were to
prohibit falling back to the direct method when the subdomain exists,
what exactly would this prohibition gain us?

We thought about this question, but we couldn't figure out a
satisfactory answer. The worst attack we could come up with is: an
attacker could force a WKD client to use an illegitimate WKD via the
direct method instead of a legitimate WKD via the advanced method by:

- Taking over foo.com's https, AND
- Preventing a WKD client from correctly using the advanced method.

But the attacker is NOT able to:

- Take over openpgpkey.foo.com's https, OR
- Prevent the WKD client from resolving openpgpkey.foo.com.

So sure, that's possible, but it seems like WKD shouldn't foo.com's
biggest worry in that case.

(If we overlooked possible attacks, I'd be happy to hear about them.)

On the other hand, implementing this prohibition means that a DNS
server can prevent its clients from using WKD by forcing all
openpgpkey subdomains to resolve to 127.1. That's hard to notice,
because everything else still appears to work.

Practically speaking, we helped an organziation deploy WKD, and they
had a similar problem to what Stefan is observing: the admins setup
the direct method, but it didn't work, because their DNS automatically
resolved all unknown subdomains to serve a 404. Unfortunately, they
had outsourced management of their DNS and couldn't (or didn't know
how) to disable this behavior. IIRC, in the end, they spun up an
https server for openpgpkeys.domain.

:) Neal

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Hi Neal,

thanks for chiming in with details about your implementation. It's now
clear that the wrong certificate in fact triggers an alarm, which is
good. Only the fall-back behavior differs from GnuPG. Since Stefan set
up the direct method as well, that leads to his setup actually working
with Sequoia.

On 13/01/2021 10.12, Neal H. Walfield wrote:
> So, the hostname mismatch is correctly identified, and it correctly
> returns an error.
>
> Where sq's behavior diverges from gpg's is that sq then tries the
> direct method, but gpg does not.

I agree that this is the culprit why the two implementations differ.

> The I-D says "Only if the required sub-domain does not exist, they
> SHOULD fall back to the direct method." The text doesn't say: "If
> there is an error, they SHOULD fallback to the direct method unless
> the required sub-domain does not exist, in which case they MUST NOT
> fall back to the direct method." So, strictly speaking, I don't think
> Sequoia is violating the specification.

The way I read it, "SHOULD fall back" means that it can opt not to fall
back at all. The sentence begins with "Only if ... does not exist", so
the whole SHOULD statement just doesn't apply if the subdomain does
exist. Proper behavior when the subdomain exists, but some other error
occurs, is undefined in the spec. There is certainly room for
improvement / clarification here.

> But, I don't want to be overly pedantic. Even if the spec were to
> prohibit falling back to the direct method when the subdomain exists,
> what exactly would this prohibition gain us?

The whole point in my opinion is to give the domain admin control over
the WKD resolution process. By blocking the openpgpkey subdomain from
resolving, they can avoid needless HTTPS request handling, as I
explained in detail before:
https://lists.gnupg.org/pipermail/gnupg-users/2021-January/064622.html

> (If we overlooked possible attacks, I'd be happy to hear about them.)

I don't see any big *security* implications either, but I'm really no
expert on that topic. There seems to be good reasons for why the I-D
specifies it exactly as it does, namely to give a way to control which
server automated WKD requests go to and keeping the load as small as
possible.

> On the other hand, implementing this prohibition means that a DNS
> server can prevent its clients from using WKD by forcing all
> openpgpkey subdomains to resolve to 127.1. That's hard to notice,
> because everything else still appears to work.

One can't really prohibit anyone from *trying* to request a resource
over some HTTPS URL, especially not in a protocol specification. But
the current WKD draft tries to specify at which point a well-behaved WKD
client makes the decision on the "correct" method.

> Practically speaking, we helped an organziation deploy WKD, and they
> had a similar problem to what Stefan is observing: the admins setup
> the direct method, but it didn't work, because their DNS automatically
> resolved all unknown subdomains to serve a 404. Unfortunately, they
> had outsourced management of their DNS and couldn't (or didn't know
> how) to disable this behavior. IIRC, in the end, they spun up an
> https server for openpgpkeys.domain.

So the core problem, as with Stefan's case, is the lack of control over
the domain's DNS settings. Which the WKD mechanism relies upon to
delegate trust to the domain operators.

I think that is a legitimate concern regarding the current WKD Internet
Draft. At least a clarification and maybe some adjustments to the
advised fall-back behavior would be in order. Let's see what Werner has
to say about it and if there are yet unclear reasons for the currently
specified way.

Kind regards
André

--
Greetings...
From: André Colomb <andre@colomb.de>

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Wed, Jan 13, 2021 at 10:22 AM André Colomb <andre@colomb.de> wrote:

> So the core problem, as with Stefan's case, is the lack of control over
> the domain's DNS settings. Which the WKD mechanism relies upon to
> delegate trust to the domain operators.

Hi Andre, I wouldn't formulate it this way. I already mentioned that I am able
to set up for my 300baud.de domain a couple of droplets and use as suggested
a valid wildcard subdomain cert, like I explained with the bund.de example and
I am pretty sure that GnuPG and gpg4win will then fail, same as with GitHub.

Regarding Neal's attack example, I also posted here an idea to make it for
Mallory harder, to exchange (a) key(s) from a host, serving a WKD directory,
which also does not break the specs, by simply adding to the policy file
the fingerpint(s) and putting verifiable .ots file(s), in for example,
the hu folder.

Best regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Hi Stefan,

On 13/01/2021 17.07, Stefan Claas wrote:
> On Wed, Jan 13, 2021 at 10:22 AM André Colomb <andre@colomb.de> wrote:
>
>> So the core problem, as with Stefan's case, is the lack of control over
>> the domain's DNS settings. Which the WKD mechanism relies upon to
>> delegate trust to the domain operators.
>
> Hi Andre, I wouldn't formulate it this way. I already mentioned that I am able
> to set up for my 300baud.de domain a couple of droplets and use as suggested
> a valid wildcard subdomain cert, like I explained with the bund.de example and
> I am pretty sure that GnuPG and gpg4win will then fail, same as with GitHub.

Sorry, I have no clue what is configured, what works and what should
work regarding WKD on your 300baud.de setup. Can we please stick to one
real example, not something made up about bund.de?

What are droplets? For which domain did you generate a wildcard
certificate? What are the DNS settings on that domain? I could take a
look at what responses are returned from the real domain, but need some
information at least which OpenPGP user ID should be fetchable over WKD
from that domain. If you're even interested in learning about how to
set up WKD properly.

Kind regards
André

--
Greetings...
From: André Colomb <andre@colomb.de>

On Wed, Jan 13, 2021 at 4:36 PM André Colomb <andre@colomb.de> wrote:
>
> Hi Stefan,
>
> On 13/01/2021 17.07, Stefan Claas wrote:
> > On Wed, Jan 13, 2021 at 10:22 AM André Colomb <andre@colomb.de> wrote:
> >
> >> So the core problem, as with Stefan's case, is the lack of control over
> >> the domain's DNS settings. Which the WKD mechanism relies upon to
> >> delegate trust to the domain operators.
> >
> > Hi Andre, I wouldn't formulate it this way. I already mentioned that I am able
> > to set up for my 300baud.de domain a couple of droplets and use as suggested
> > a valid wildcard subdomain cert, like I explained with the bund.de example and
> > I am pretty sure that GnuPG and gpg4win will then fail, same as with GitHub.
>
> Sorry, I have no clue what is configured, what works and what should
> work regarding WKD on your 300baud.de setup. Can we please stick to one
> real example, not something made up about bund.de?
>
> What are droplets? For which domain did you generate a wildcard
> certificate? What are the DNS settings on that domain? I could take a
> look at what responses are returned from the real domain, but need some
> information at least which OpenPGP user ID should be fetchable over WKD
> from that domain. If you're even interested in learning about how to
> set up WKD properly.

Digital Ocean calls their VPS servers droplets and If I would set them up
as a test rig, I would use three, like '300baud.de', 'foo.300baud.de'
and 'bar.300baud.de'. In 300baud.de I would set up the WKD directory and
the SSL cert, with an entry for wildcard subdomains which would cover then
hosts foo and bar. In the WKD directory I would put then a couple of keys with
proper sample email addresses from all three hosts.

With this set-up, without noodling around with records settings at my domain
service (for ease of use and managing WKD) I stronly assume that this
set-up follows the direct method and works with sequoia-pgp properly and
should fail currently with GnuPG and gpg4win,same as it fails with GitHub.

IIRC the (old) WKD specs did not mention nor did they said that it was required
to noodle around witth domain settings, regarding the openpgpkey folder when
setting up records for hosts with a domain service provider.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Wed, Jan 13, 2021 at 8:42 AM Daniele Nicolodi <daniele@grinta.net> wrote:
>
> On 12/01/2021 23:30, Stefan Claas wrote:
> > The reason why I like also the option for, let's say github.io pages
> > is that, like I have shown in the whole thread that a very well known
> > site like GitHub, with it's millions of software developes allows one
> > to host, via WKD, a mutli-purpose usage public-key without revealing
> > to much details.
>
> I still don't understand why you insist on WKD when it seems to do not
> support your use case, nor to offer any advantage over a simpler
>
> wget -O- https://sac001.github.io/foobar.asc | gpg --import
>
> given that the relation between the identifiers
> "stefan@sac001.github.io" or "https://sac001.github.io/foobar.asc" and
> the key you are retrieving is the same, ie none.

Hi Dan,

Good question, WKD is a valid option to retrieve pub keys with OpenPGP
apps people use and rely on. I could for example also use curl to retrieve
keys from Hagrid or SKS. ;-)

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 13/01/2021 17.56, Stefan Claas wrote:
>> What are droplets? For which domain did you generate a wildcard
>> certificate? What are the DNS settings on that domain? I could take a
>> look at what responses are returned from the real domain, but need some
>> information at least which OpenPGP user ID should be fetchable over WKD
>> from that domain. If you're even interested in learning about how to
>> set up WKD properly.
>
> Digital Ocean calls their VPS servers droplets and If I would set them up
> as a test rig, I would use three, like '300baud.de', 'foo.300baud.de'
> and 'bar.300baud.de'. In 300baud.de I would set up the WKD directory and
> the SSL cert, with an entry for wildcard subdomains which would cover then
> hosts foo and bar. In the WKD directory I would put then a couple of keys with
> proper sample email addresses from all three hosts.

That's a lot of "ifs". Right now, 300baud.de has neither A nor AAAA nor
CNAME record, so there is no server IP address to contact. Obviously
there is also no wildcard record either, as e.g. www.300baud.de does not
resolve. It's not clear to me which (sub)domain you would want to use
in a fictional OpenPGP key's user ID?

> With this set-up, without noodling around with records settings at my domain
> service (for ease of use and managing WKD) I stronly assume that this
> set-up follows the direct method and works with sequoia-pgp properly and
> should fail currently with GnuPG and gpg4win,same as it fails with GitHub.

It's actually pretty easy. If the openpgpkey... subdomain resolves
(explicit entry or DNS wildcard), then the advanced method is used.
Otherwise the simple method. That's the only difference, and it does
not depend on whatever your certificate contains.

Depending on the chosen method, you need to make sure that there is a
web server answering with a *valid* TLS certificate and with the proper
expected directory structure. There is no reason at all to "strongly
assume" any malfunction or bug in GnuPG and I assure you that it's
possible to make either method work.

The only difference for Sequoia is that it ignores your expressed intent
to use the advanced method if something is misconfigured, and falls back
to the simple method. GnuPG does not do that, because it correctly
follows the specification word by word.

> IIRC the (old) WKD specs did not mention nor did they said that it was required
> to noodle around witth domain settings, regarding the openpgpkey folder when
> setting up records for hosts with a domain service provider.

WKD is still an Internet *Draft*, so it's expected to find corner cases
like yours that are not yet 100 % unambiguous. That's what the drafting
process and public discussion is intended for. Different
interpretations should not be possible, and you found a case where
Sequoia and GnuPG really do differ. But it still does *not* say one
needs to "noodle around with domain settings". It points you to the
right spice to add just in case your domain settings are already a
noodle soup.

Kind regards
André

--
Greetings...
From: André Colomb <andre@colomb.de>

On Wed, Jan 13, 2021 at 7:26 PM André Colomb <andre@colomb.de> wrote:
>
> On 13/01/2021 17.56, Stefan Claas wrote:
> >> What are droplets? For which domain did you generate a wildcard
> >> certificate? What are the DNS settings on that domain? I could take a
> >> look at what responses are returned from the real domain, but need some
> >> information at least which OpenPGP user ID should be fetchable over WKD
> >> from that domain. If you're even interested in learning about how to
> >> set up WKD properly.
> >
> > Digital Ocean calls their VPS servers droplets and If I would set them up
> > as a test rig, I would use three, like '300baud.de', 'foo.300baud.de'
> > and 'bar.300baud.de'. In 300baud.de I would set up the WKD directory and
> > the SSL cert, with an entry for wildcard subdomains which would cover then
> > hosts foo and bar. In the WKD directory I would put then a couple of keys with
> > proper sample email addresses from all three hosts.
>
> That's a lot of "ifs". Right now, 300baud.de has neither A nor AAAA nor
> CNAME record, so there is no server IP address to contact. Obviously
> there is also no wildcard record either, as e.g. www.300baud.de does not
> resolve. It's not clear to me which (sub)domain you would want to use
> in a fictional OpenPGP key's user ID?

There is currently no server running under my 300baud.de domain.
I had to shut them down due to recent changes in DO's TOS.
>
> > With this set-up, without noodling around with records settings at my domain
> > service (for ease of use and managing WKD) I stronly assume that this
> > set-up follows the direct method and works with sequoia-pgp properly and
> > should fail currently with GnuPG and gpg4win,same as it fails with GitHub.
>
> It's actually pretty easy. If the openpgpkey... subdomain resolves
> (explicit entry or DNS wildcard), then the advanced method is used.
> Otherwise the simple method. That's the only difference, and it does
> not depend on whatever your certificate contains.
>
> Depending on the chosen method, you need to make sure that there is a
> web server answering with a *valid* TLS certificate and with the proper
> expected directory structure. There is no reason at all to "strongly
> assume" any malfunction or bug in GnuPG and I assure you that it's
> possible to make either method work.

Mmmh, probably we can discuss this *valid* until we get blue in the face ...
>
> The only difference for Sequoia is that it ignores your expressed intent
> to use the advanced method if something is misconfigured, and falls back
> to the simple method. GnuPG does not do that, because it correctly
> follows the specification word by word.

Which would make sense to me and thankfully sequoia-pgp does this.

> > IIRC the (old) WKD specs did not mention nor did they said that it was required
> > to noodle around witth domain settings, regarding the openpgpkey folder when
> > setting up records for hosts with a domain service provider.
>
> WKD is still an Internet *Draft*, so it's expected to find corner cases
> like yours that are not yet 100 % unambiguous. That's what the drafting
> process and public discussion is intended for. Different
> interpretations should not be possible, and you found a case where
> Sequoia and GnuPG really do differ. But it still does *not* say one
> needs to "noodle around with domain settings". It points you to the
> right spice to add just in case your domain settings are already a
> noodle soup.

Draft, yes I know and I desperately hope with this whole thread that
Werner and most important OpenPGP users and organizations around
the globe think about this, because it could have IMHO a *major* impact
for OpenPGP key distribution, when it comes to easy set-up and maintaining
themselve a WKD service while not relying on third parties, like Hagrid or
later the hockeypuck Network, for whatever reasons people may have.

sequoia did the right step and I hope for people relying on GnuPG that
it is possible for them in the future too.

Best regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Hello Stefan!


[...]
> sequoia did the right step and I hope for people relying on GnuPG that
> it is possible for them in the future too.

So did Sequoia do that?
You consider not to follow policies "the right step"?
Sorry, but you dont have a clue about security!

The only right way is to follow policies word by word.

So far you only presented us assumptions here, with a non working setup,
and also a setup which never was intended for such a case.

m2c
Juergen
--
/¯\ No |
\ / HTML | Juergen Bruckner
X in | juergen@bruckner.email
/ \ Mail |

On Wed, Jan 13, 2021 at 9:24 PM Juergen Bruckner via Gnupg-users
<gnupg-users@gnupg.org> wrote:
>
> Hello Stefan!
>
>
> [...]
> > sequoia did the right step and I hope for people relying on GnuPG that
> > it is possible for them in the future too.
>
> So did Sequoia do that?
> You consider not to follow policies "the right step"?
> Sorry, but you dont have a clue about security!
>
> The only right way is to follow policies word by word.
>
> So far you only presented us assumptions here, with a non working setup,
> and also a setup which never was intended for such a case.

Hi Juergen,

looks like you are a bit upset, like probably others as well.

That is good and I hope people understand what this whole thread
is about! Regarding security, can you give us a valid example
what security implications you see? I trust the sequoia team, for
example, strongly assuming, that they know how to implement
fetching a binary blob without any problems.

BTW. If I remember correctly you once (or I did that?) presented
a link from Austrian Goverment authorities using OpenPGP keys
on their web pages.

I am not aware how their network is set-up and it is not my business,
but would you not agree that it would be very nice to have a wildcard
subdomain solution, for all their inhouse offices and employees email
addresses, while managing themselves key distribution?

BTW. For GitHub users ... :-) ( a nice addition too, when it comes
to OpenPGP keys)

https://keyoxide.org/guides/github

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Wed, 13 Jan 2021, Juergen Bruckner via Gnupg-users wrote:

> Hello Stefan!

Hi all,

>
>
> [...]
>> sequoia did the right step and I hope for people relying on GnuPG that
>> it is possible for them in the future too.
>
> So did Sequoia do that?
> You consider not to follow policies "the right step"?
> Sorry, but you dont have a clue about security!
>
> The only right way is to follow policies word by word.

That is certainly correct. But: WKD is "just" a draft, so it's open to
suggestions for change. "Ignore invalid certificates of the advanced URL"
is one suggestion.

In my view, this whole, lengthy thread boils down to the question, whether
we want that or we don't want that.

Let me share my two cents:

I *feel*, like invalid certificates of advanced WKD URLs should not be
ignored, because this indicates, something is not as it should be (e.g. it
is "unclean"). The fact, that this might slow down WKD deployment, because
it makes the dns setup *slightly* harder, stands against this feeling.

btw: I just recently changed (motivated by this thread) from the direct to
the advanced method of WKD deployment, eliminating the need for a reverse
proxy on archlinux32.org - and the need for a "no-wildcard" TXT record on
openpgpkey.archlinux32.org. ... why on earth did I set it up with the
direct method in the first place? ;-)

regards,
Erich

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE3p92iMrPBP64GmxZCu7JB1Xae1oFAl//XlgACgkQCu7JB1Xa
e1rm+Q/+ImdVv9mimg7aRC5aceS/iYqqZwUhWdvVZEs6s/9bVJf1Ur1MyhoySU2U
BhDZknlwJY9UUw54x1Pk2wASABlzpcpr2XmTLmgmpBr3ti3nMkhK/fDLT537EOlz
H8ngzdUA/Hj3suGlhfMgGoUyh2PDsF9N3y3mPVKs0ym7qWaPwSc6NPi05pKzetYk
Y4qPIezFD8vX3dWUJTShVgppdusWtekKmPJ8oFAb+J+Ccwc+G/oaTysfH2X5azF9
YOnWb5Sed61fqynPjTFcJ5uTwCnxl9e96plCaw2kricBGoH+/siskO0KYZ0aWGrB
5b4vKDJd+gmu8Iwb3vKSKUsFpK5ek9M9IThGKA8etNYjYDkLzWTmXjZ3+HjvaF/+
zf+koPNWZIPmd6g2HMGyM5k7nftfg3Qze8NDDvR1JN68+0kKxdMl5Hf0OAZ0Babj
luRqFcLw8rLZWd93DsiTevYMFa3vTnao2S0fHgoBpgCeTpeW/euDJWKH/0N8Bnjk
zarOhDXSDJQZEi76zIgicE7eWY7VgYJcf3xolAmuA90Qf7UOdor5Ub4KWLgrMgQd
NTwsP7tqrXougtcmIoe7MXTdiacO7bSKxPso7z3e53FeDH+pvO9j8q8T99zWSvFR
JXVxAZ8dTO3INA7GwLAY2pa5IY8WTeJCSh0fj0P+QArezFd1NeA=
=tA3p
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Wed, Jan 13, 2021 at 10:00 PM Erich Eckner via Gnupg-users
<gnupg-users@gnupg.org> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On Wed, 13 Jan 2021, Juergen Bruckner via Gnupg-users wrote:
>
> > Hello Stefan!
>
> Hi all,
>
> >
> >
> > [...]
> >> sequoia did the right step and I hope for people relying on GnuPG that
> >> it is possible for them in the future too.
> >
> > So did Sequoia do that?
> > You consider not to follow policies "the right step"?
> > Sorry, but you dont have a clue about security!
> >
> > The only right way is to follow policies word by word.
>
> That is certainly correct. But: WKD is "just" a draft, so it's open to
> suggestions for change. "Ignore invalid certificates of the advanced URL"
> is one suggestion.

Correct a suggestion and Neal for example discussed this with his
team in the past and they gave users, like me, the ability for a
working solution, without IMHO breaking the specs.

> In my view, this whole, lengthy thread boils down to the question, whether
> we want that or we don't want that.

Well, I see this a bit different. If it comes to discussions or votes
on this ML here or the IETF ML, than this is only a minority IMHO
and it can also been down voted etc.

As you said this is a draft It should formulated this way IMHO that it
allows the greatest flexibility in a protokoll, to fulfill all use cases,
when it comes to WKD. I also understand that WKD is Werner's baby
but when a draft or an RFC is present than it should be allowed to
have a healthy discussion.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Am 13. Januar 2021 21:44:07 MEZ schrieb Stefan Claas via Gnupg-users <gnupg-users@gnupg.org>:
>Hi Juergen,
>
>looks like you are a bit upset, like probably others as well.

I hope others don't mind me speaking in their names. Stefan, we are upset by you making false accusations about which software does something right or wrong. Both softwares are reacting differently to an error which lies in your TLS certificate usage (as several people have proven multiple times). You're not even to blame for that root cause, because it is not under your control. Don't only look at the end result, but please try to understand that the cause lies deeper than just the spec or the clients you tried.

>I am not aware how their network is set-up and it is not my business,
>but would you not agree that it would be very nice to have a wildcard
>subdomain solution, for all their inhouse offices and employees email
>addresses, while managing themselves key distribution?

It's a little unclear what *exactly* you mean with "a wildcard subdomain solution". WKD can work perfectly with wildcards involved, both on the DNS and TLS levels. But such things can be misconfigured and the spec even explicitly mentions one possible pitfall including a solution.

Reactions to that kind of misconfiguration should also be standardized in the spec. That's all there is to criticize, IMHO.

Kind regards
André


--
Greetings...
From: André Colomb <andre@colomb.de>

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Wed, Jan 13, 2021 at 11:45 PM André Colomb <andre@colomb.de> wrote:
>
> Am 13. Januar 2021 21:44:07 MEZ schrieb Stefan Claas via Gnupg-users <gnupg-users@gnupg.org>:
> >Hi Juergen,
> >
> >looks like you are a bit upset, like probably others as well.
>
> I hope others don't mind me speaking in their names. Stefan, we are upset by you making false accusations about which software does something right or wrong. Both softwares are reacting differently to an error which lies in your TLS certificate usage (as several people have proven multiple times). You're not even to blame for that root cause, because it is not under your control. Don't only look at the end result, but please try to understand that the cause lies deeper than just the spec or the clients you tried.

I am fully ok with that. All my replies here where not intended to
"accuse" someone! In my OP
I kindly asked if a kind soul can help me and IIRC it was mentioned
that the direct method
is fine and I figured out that GnuPG seems not to try the direct
method while sequoia-pgp
tries the direct method.

It had been *really* nice if Werner had chimed in, like Neal, and had
explained by himself
why this is a definetly a no-go to try the direct-method first, or in
case why when the advanced
method failed it does not try the direct method and what security
implications this has.

Maybe, I don't know, readers here on the ML are asking themselves now why do we
have two methods, e.g. what is their purpose and what informations can
one gain from
an IMHO very nice WKD checker, Wiktor has created.

If the draft will be changed in the future to only allow the advanced-method and
the direct-method will be dropped, ok, I have to accept this, for
GitHub usage and
whatever sites have a similar set-up and that's it. Then maybe a question, from
readers may come up, why it was dropped, when it was implemented in the first
place, regardless of GitHub etc.

> >I am not aware how their network is set-up and it is not my business,
> >but would you not agree that it would be very nice to have a wildcard
> >subdomain solution, for all their inhouse offices and employees email
> >addresses, while managing themselves key distribution?
>
> It's a little unclear what *exactly* you mean with "a wildcard subdomain solution". WKD can work perfectly with wildcards involved, both on the DNS and TLS levels. But such things can be misconfigured and the spec even explicitly mentions one possible pitfall including a solution.

I think I have explained, at least for an expert like you, my set-up
for 300baud.de, I would
use. As soon as time permits I will do this, even if this cost me
money I can spend for other things. But I gives me then a better
overview and I can correct myself while thinking my
set-up would be equally to GitHub's set-up. In case I get stucked I
would like to ask you
for advise. Please note: I will not use the advanced method, I like to
see if this will work
with sequoia-pgp and GnuPG.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 2021-01-13 at 10:12 +0100, Neal H. Walfield wrote:
> I'd like to clarify what Sequoia is doing (wrong).
> (...)


Hello Neal

Thanks for chiming in and explaining the steps taken by sequoia.

I'll try to re-focus this subthread back on the initial topic of your
email.



> The I-D says "Only if the required sub-domain does not exist, they
> SHOULD fall back to the direct method." The text doesn't say: "If
> there is an error, they SHOULD fallback to the direct method unless
> the required sub-domain does not exist, in which case they MUST NOT
> fall back to the direct method." So, strictly speaking, I don't
> think Sequoia is violating the specification.

I understand this to mean it as "only use the direct method if the
required sub-domain does not exist", with the SHOULD meaning that the
direct method is not required (not sure why, I would have probably used
a MUST). As such, I do think sequoia is non-conformant, although I'm
more interested in determining the proper behaviour of a WKD client.



> We thought about this question, but we couldn't figure out a
> satisfactory answer. The worst attack we could come up with is:
> (...)
> So sure, that's possible, but it seems like WKD shouldn't foo.com's
> biggest worry in that case.

I can make up some scenarios where foo.com is hosted on EvilCDN and
openpgpkey.foo.com in a safe server. But I agree that's not too likely.

I think it would be good that sq stopped after processing
openpgpkey.foo.com, mainly to follow the principle of least surprise.

If the key can only be placed in one place, then it MUST be good (or
bad, but it will be consistent).

If the admins wanted to use the advanced method, but misconfigured it,
while testing only with sequoia (but having a good direct method), they
would be misled to think WKD is properly implemented, while it is not.

The team managing foo.com may be completely different (e.g. marketing)
than those handling pgp keys (e.g. email sysadmins). By keeping the
openpgpkey subdomain for themselves, the admins can give complete
control of the apex website to marketing (known to fill their
credentials on phishing pages from time to time) without letting them
any access to publish pgp keys.

Hard to debug errors: "when fetching your key via wkd, I do receive
your key from your server, but it expired in 2018!" can have people
scratching their head for a long time (the last key is there, there is
no 2018 key stored here…) until figuring that the server certificate of
openpgpkey.foo.com expired (and they had an old key on the main
website). A direct error "Certificate of openpgpkey.foo.com expired 2
days ago" would have been much clearer.




> On the other hand, implementing this prohibition means that a DNS
> server can prevent its clients from using WKD by forcing all
> openpgpkey subdomains to resolve to 127.1. That's hard to notice,
> because everything else still appears to work.

I think it's the other way round. If sequoia falls back to the direct
method and returns "No WKD key published for jdoe@foo.com", it will get
unnoticed. A hard error of "Couldn't connect to openpgpkey.foo.com
(127.0.0.1)" or "The certificate of openpgpkey.foo.com (1.2.3.4) is not
trusted" would make it noticeable.


Probably the most important part of the rule: "all implementations of
WKD should behave in the same way". I don't mind if it was gnupg that
was changed to behave like sequoia, but given identical conditions,
ideally all clients (and the draft reading) should produce the same
result (find key X, an error, etc.).



> we helped an organization deploy WKD, and they had a similar problem…

It was misconfigured. Spawning a https server for openpgpkeys (as they
did) is a way to solve it. They could as well have made a openpgpkeys
record pointing to the same server as the apex domain, and use a
certificate with both names. Or even install the keys on the server
providing the 404. It seems the wrong to make it an issue for the
client to figure out where the keys may be.
There is a long story of browsers helpfully "fixing" the encoding or
Content-type of files, which caused a lot of harm in the long term to
avoid security issues derived from browser sniffing changing to
insecure defaults, when people really meant what they said. It seems
difficult the same could happen here, but the idea that the server
should be properly set up, rather than the client fixing the errors for
the user is the same.



I would recommend to remove the or_else case and fail with an error if
the advanced method is (supposedly) set up but fails. At least, I think
there should be a diagnostic e.g. "WKD advanced method configured but
broken. Connection to openpgpkey.foo.com (1.2.3.4) failed: Bad
certificate. Trying direct method" although I would prefer a hard
error.
(Of course, if the user explicitly requested the client/library to only
use the direct method, ignore certificate errors, etc. it'd be fine to
do so)



Best regards


PS: If I'm reading your code correctly, it would not only fall back to
the apex domain in case of a certificate error, but also if the key is
not found (404), which could result in removing a key (by deleting the
container file) having the unintended effect of finding a result
through the direct method.

PPS: Another benefit would be that we could have avoided this long
thread. :-)



_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Thu, Jan 14, 2021 at 1:50 AM Ángel <angel@pgp.16bits.net> wrote:

> PPS: Another benefit would be that we could have avoided this long
> thread. :-)

The greatest benefit would have been if the author of WKD, namly Werner Koch,
had been so kind to explain to us why WKD needs two methods and what
security implications it has when an application falls back to a valid
direct-method,
instead of people defending him or his implementation. :-)

Best regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Hi Ángel,

thanks for your contribution with a clear focus.

On 14/01/2021 01.47, Ángel wrote:
> Probably the most important part of the rule: "all implementations of
> WKD should behave in the same way". I don't mind if it was gnupg that
> was changed to behave like sequoia, but given identical conditions,
> ideally all clients (and the draft reading) should produce the same
> result (find key X, an error, etc.).

I agree with that. And the next draft version SHOULD be very clear
about this to avoid future discussions :-)

> I would recommend to remove the or_else case and fail with an error if
> the advanced method is (supposedly) set up but fails. At least, I think
> there should be a diagnostic e.g. "WKD advanced method configured but
> broken. Connection to openpgpkey.foo.com (1.2.3.4) failed: Bad
> certificate. Trying direct method" although I would prefer a hard
> error.

Definitely, the decision which method to try should be very simple, as
the WKD draft intended. Only one decision point instead of many paths
leading back to a change of method.

> (Of course, if the user explicitly requested the client/library to only
> use the direct method, ignore certificate errors, etc. it'd be fine to
> do so)

That's an excellent suggestion, giving Sequoia an option to force trying
one method or the other. I don't know if adding as many command line
switches as gpg has is your cup of tea, but e.g. an environment variable
could be used to really make it a "debugging" type of option. The great
benefit is that Sequoia can then act as a WKD checker, which should
always examine the intended, but possibly misconfigured, method or even
both.

> PPS: Another benefit would be that we could have avoided this long
> thread. :-)

I couldn't resist trying to help Stefan understand where the error lies,
so apologies for my share of the message flood :-)

Kind regards
André

--
Greetings...
From: André Colomb <andre@colomb.de>

Hi Stefan,

On 14/01/2021 08.01, Stefan Claas via Gnupg-users wrote:
> The greatest benefit would have been if the author of WKD, namly Werner Koch,
> had been so kind to explain to us why WKD needs two methods and what
> security implications it has when an application falls back to a valid
> direct-method,
> instead of people defending him or his implementation. :-)

I think Werner would have participated in the discussion already if
other people's explanations had been incorrect. It's an open standard,
and your focus on one person who happens to be the registered author
doesn't help. If you insist on Werner's personal opinion, then you
should maybe contact him directly instead of the GnuPG-Users list.
Knowing well that he has no obligation to reply to anyone.

Hopefully my (and others') attempts to explain / defend the WKD
specification were still useful to you.

Kind regards
André

--
Greetings...
From: André Colomb <andre@colomb.de>

On 14/01/2021 00.06, Stefan Claas wrote:
> Maybe, I don't know, readers here on the ML are asking themselves now why do we
> have two methods, e.g. what is their purpose and what informations can
> one gain from
> an IMHO very nice WKD checker, Wiktor has created.

Quoting from your own mail:
"As you said this is a draft It should formulated this way IMHO that it
allows the greatest flexibility in a protokoll, to fulfill all use
cases, when it comes to WKD."

https://lists.gnupg.org/pipermail/gnupg-users/2021-January/064645.html

Nobody wants to remove any method, as that would reduce flexibility.
The "advanced method" is not more complicated to set up, it's just a
matter of preference really.

> I think I have explained, at least for an expert like you, my set-up
> for 300baud.de, I would use.

I repeat, it's not clear to me yet. But let's stop here and discuss
that when you have the basics up and running.

> As soon as time permits I will do this, even if this cost me
> money I can spend for other things. But I gives me then a better
> overview and I can correct myself while thinking my
> set-up would be equally to GitHub's set-up. In case I get stucked I
> would like to ask you
> for advise. Please note: I will not use the advanced method, I like to
> see if this will work
> with sequoia-pgp and GnuPG.

You don't need to spend money just to prove anything to the ML
subscribers. But when you do try, I offer to help with any problems
coming up. You should not rule out the advanced method yet. Depending
on your setup, it might actually be the easier route if wildcard domains
are involved.

Kind regards
André

--
Greetings...
From: André Colomb <andre@colomb.de>

On Thu, 14 Jan 2021 01:47, Ángel said:

> I understand this to mean it as "only use the direct method if the
> required sub-domain does not exist", with the SHOULD meaning that the
> direct method is not required (not sure why, I would have probably used

Right. The subdomain is actually a workaround for SRV RR. We can't
use the latter in browser based implementation and thus need to resort
to this hack.

SHOULD was used to allow the direct method in existing use cases.

In case this has not yet been mention: If wildcards are used in the DNS
a dummy TXT RR should be used to except the openpgpkey subdomain from
wildcarding.


Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

On Thu, Jan 14, 2021 at 9:35 AM André Colomb <andre@colomb.de> wrote:
>
> On 14/01/2021 00.06, Stefan Claas wrote:
> > Maybe, I don't know, readers here on the ML are asking themselves now why do we
> > have two methods, e.g. what is their purpose and what informations can
> > one gain from
> > an IMHO very nice WKD checker, Wiktor has created.
>
> Quoting from your own mail:
> "As you said this is a draft It should formulated this way IMHO that it
> allows the greatest flexibility in a protokoll, to fulfill all use
> cases, when it comes to WKD."
>
> https://lists.gnupg.org/pipermail/gnupg-users/2021-January/064645.html
>
> Nobody wants to remove any method, as that would reduce flexibility.
> The "advanced method" is not more complicated to set up, it's just a
> matter of preference really.

Yes, but as you IIRC said to me that direct-method usage is fine and
Wiktor's WKD checker gave also a green light for the direct-method
for my GitHub set-up, you see that it is still not working with GnuPG.

> > I think I have explained, at least for an expert like you, my set-up
> > for 300baud.de, I would use.
>
> I repeat, it's not clear to me yet. But let's stop here and discuss
> that when you have the basics up and running.
>
> > As soon as time permits I will do this, even if this cost me
> > money I can spend for other things. But I gives me then a better
> > overview and I can correct myself while thinking my
> > set-up would be equally to GitHub's set-up. In case I get stucked I
> > would like to ask you
> > for advise. Please note: I will not use the advanced method, I like to
> > see if this will work
> > with sequoia-pgp and GnuPG.
>
> You don't need to spend money just to prove anything to the ML
> subscribers. But when you do try, I offer to help with any problems
> coming up. You should not rule out the advanced method yet. Depending
> on your setup, it might actually be the easier route if wildcard domains
> are involved.

Thanks for the kind offer, like I said I will not use the advanced-method,
because it has a purpose, which I like to test and see and then if everything
works as expected I will also tell why not an advanced-method.

Best regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Thu, Jan 14, 2021 at 9:42 AM André Colomb <andre@colomb.de> wrote:
>
> Hi Stefan,
>
> On 14/01/2021 08.01, Stefan Claas via Gnupg-users wrote:
> > The greatest benefit would have been if the author of WKD, namly Werner Koch,
> > had been so kind to explain to us why WKD needs two methods and what
> > security implications it has when an application falls back to a valid
> > direct-method,
> > instead of people defending him or his implementation. :-)
>
> I think Werner would have participated in the discussion already if
> other people's explanations had been incorrect. It's an open standard,
> and your focus on one person who happens to be the registered author
> doesn't help. If you insist on Werner's personal opinion, then you
> should maybe contact him directly instead of the GnuPG-Users list.
> Knowing well that he has no obligation to reply to anyone.

And that is the reason why I did not contacted him and maybe you
and everybody else remember that I asked in my initial post for
help from the community.
>
> Hopefully my (and others') attempts to explain / defend the WKD
> specification were still useful to you.

it does not matter if it was useful for me, but at least it shows how
the GnuPG ecosystem works, so that the interested reader can form an
own opinion. My intitial post was a help request and I also explained
why it IMHO would be good to have such a solution, which
would not hurt the GnuPG ecosystem in any form and would be
IMHO an enrichment for GnuPG usage. I can only say *big thanks*
to the sequoia team that sq.exe can handle this.

Best regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Thu, Jan 14, 2021 at 04:33:00PM +0100, Stefan Claas via Gnupg-users <gnupg-users@gnupg.org> wrote:

> [...] My initial post was a help request and I also explained
> why it IMHO would be good to have such a solution, which
> would not hurt the GnuPG ecosystem in any form and would be
> IMHO an enrichment for GnuPG usage.
>
> Best regards
> Stefan

[.Note: First 3 paragraphs are mostly me being stupid -
please bear with me]

It sounded to me like you would like gnupg to have a
bug added to it, whereby it accepts invalid
certificates for sub-sub-domains, when the certificate
is only valid for sub-domains.

To me, that doesn't sound like it "would not hurt the
GnuPG ecosystem in any form". To me, that sounds like a
security bug, in the sense that it could lead users to
think that a certificate is valid, when it isn't.

If the ability to not validate certificates exists or
gets added to gnupg, it wouldn't be turned on by
default, so I'm not sure that it would even help your
use case. The only people who could fetch your keys
would be the ones who had disabled certificate
validation.

But of course, you're not asking for that. You're just
asking for something to work. There must be other ways.
Accepting invalid certificates might just have been my
first thought at how to deal with this. But that would
enable the advanced method to work (in situations where
it shouldn't). If I remember correctly (possibly not),
you wanted the direct method to work, and github.io's
mis-configuration of certificates caused the advanced
method to be attempted and fail, before the direct
method could even be attempted.

It's been suggested that, when the certificate for
openpgpkey.*.github.io is found to be invalid, WKD
clients could failover to the direct method (like
sequoia does). Then at least the direct method would
work with github.io sub-domains. That sounded good (to
a non-expert like me). But perhaps it's a bit
inefficient. But at least it's automatic.

Another possible solution might be for WKD clients to
have a list of domains to skip when doing the advanced
method. If it had "openpgpkey.*.github.io" by default,
then it would know not to try to resolve
openpgpkey.*.github.io at all. Any domain that hands
out invalid certificates for sub-sub-domains could be
in the skip list. The currently documented solution to
this expects the administrators of such
(mis-configured) domains to add DNS records to prevent
this, but when you can't rely on that happening,
allowing the client/user to exclude them could be
another option. And it wouldn't require accepting
invalid certificates. And it would eliminate the
attempt to use those domains so it would be more
efficient. But it does require additional configuration
that the above method doesn't require. A built-in
default skip list would help with that.

You still couldn't use the advanced method with
github.io (until they start issuing a wildcard
certificate for each sub-domain), but that's probably
OK. I just had a look at https://wiki.gnupg.org/WKD and
it doesn't refer to "advanced" or "direct" methods. It
seems to consider the "direct" method as the main
method, and the "advanced" method as a "Stopgap method"
which is "Not recommended - but a temporary
workaround". So having an additional mechanism to
disable the "advanced" method sounds reasonable. Or
maybe the wiki page needs to be updated(?).

I'm really not an expert, and the above might not make
any sense. I'm just thinking aloud.

cheers,
raf


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Fri, Jan 15, 2021 at 2:04 AM raf via Gnupg-users
<gnupg-users@gnupg.org> wrote:

[...]

> I'm really not an expert, and the above might not make
> any sense. I'm just thinking aloud.

Me neither ... :-) For me, the questions I had is still unresolved
when it comes to properly explaing what security implication
it gives, when for example sequoia-pgp can handle this and
why the draft explicity says it MUST use the advanced-method
first.

Don't you think when GitHub, a major player, would have an invalid
SSL cert, that maybe one of the millions programmers there would not
have contacted GitHub, like I did, and say hey GithHub you serve
the global community and visitors an invalid SSL certificate? I must
admit that I also do not understand what you mean with sus-sub
domains. My GitHub page is sac001.github.io and not foo.bar.github.io
or whatever. If Werner had told me/us, hey look, according to my draft
the advanced method MUST been used because of this and that
security implication and it is not allowed in this case to fall back
if an (for WKD) invalid cert is present, because of this/that security
issue, I guess then I had a better understanding and then I guess
also the sequoia team would never had done it so that it works
with sequoia-pgp.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Am 15. Januar 2021 01:56:04 MEZ schrieb raf via Gnupg-users <gnupg-users@gnupg.org>:
>But of course, you're not asking for that. You're just
>asking for something to work. There must be other ways.
>Accepting invalid certificates might just have been my
>first thought at how to deal with this. But that would
>enable the advanced method to work (in situations where
>it shouldn't). If I remember correctly (possibly not),
>you wanted the direct method to work, and github.io's
>mis-configuration of certificates caused the advanced
>method to be attempted and fail, before the direct
>method could even be attempted.

I'll try to complete your summary. The DNS wildcard entry for *.example.github.io leads to the advanced method being tried. We can't change that entry, and therefore with the current protocol draft, it makes no sense forcefully wanting to use the direct method.

It's easy to set up the advanced method there. But GitHub uses an invalid TLS certificate for openpgpkey.example.github.io. That's what needs fixing and it is also out of our control.

So basically Stefan's request is to change the protocol to work around a misconfiguration because both DNS and the TLS certificate are controlled by a company that offers the service totally unrelated to WKD. Such a workaround could hurt the ecosystem because it may hide a misconfiguration in setups where the operator does have control over these things and just needs to notice.

>OK. I just had a look at https://wiki.gnupg.org/WKD and
>it doesn't refer to "advanced" or "direct" methods. It
>seems to consider the "direct" method as the main
>method, and the "advanced" method as a "Stopgap method"
>which is "Not recommended - but a temporary
>workaround". So having an additional mechanism to
>disable the "advanced" method sounds reasonable. Or
>maybe the wiki page needs to be updated(?).

Sorry, you just misread that part. The stopgap solution is to use a server operated by openpgp.org instead of your own web server. For that to work, you must set up the advanced method for WKD on your domain's DNS. That method is perfectly fine and in some scenarios even easier to use.

Kind regards
André

Hi raf,

thanks for your perspective on the matter.

--
Greetings...
From: André Colomb <andre@colomb.de>

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 2021-01-15 at 07:56 +0100, Stefan Claas via Gnupg-users wrote:
> Don't you think when GitHub, a major player, would have an invalid
> SSL cert, that maybe one of the millions programmers there would not
> have contacted GitHub, like I did, and say hey GithHub you serve
> the global community and visitors an invalid SSL certificate? I must
> admit that I also do not understand what you mean with sus-sub
> domains. My GitHub page is sac001.github.io and not foo.bar.github.io
> or whatever.

By sub-sub-domains we are all talking about pages such as
https://openpgpkey.sac001.github.io or https://helloworld.sac001.github.io

Go there, click those links. You will see that -*after forcing your browser
to ignore the invalid certificate*- there is a web page there returning
a message of "Site not found", "404 There isn't a GitHub Pages site
here".

*I* don't know why they have such domains resolving. It may have been
simpler to configure the dns server that way, or perhaps they just
missed it. The funny think is, I don't think there's a way to create a
page in helloworld.sac001.github.io or openpgpkey.sac001.github.io, so
these sites are mostly useless (if not directly problematic such as in
WKD case), and I guess that's why noone really bothered about the
invalid certificate for them (which isn't easy to solve, either).

I don't know what process you used to contact GitHub support, but the
question to ask would be precisely this:
> Why is there something on https://openpgpkey.sac001.github.io ? How
> can I modify it? If there is not, could you make it not to resolve?



The reasons why it is picked has been, I think, explained already many
times in this thread.

Best regards


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Fri, Jan 15, 2021 at 7:39 PM Ángel <angel@pgp.16bits.net> wrote:
>
> On 2021-01-15 at 07:56 +0100, Stefan Claas via Gnupg-users wrote:
> > Don't you think when GitHub, a major player, would have an invalid
> > SSL cert, that maybe one of the millions programmers there would not
> > have contacted GitHub, like I did, and say hey GithHub you serve
> > the global community and visitors an invalid SSL certificate? I must
> > admit that I also do not understand what you mean with sus-sub
> > domains. My GitHub page is sac001.github.io and not foo.bar.github.io
> > or whatever.
>
> By sub-sub-domains we are all talking about pages such as
> https://openpgpkey.sac001.github.io or https://helloworld.sac001.github.io
>
> Go there, click those links. You will see that -*after forcing your browser
> to ignore the invalid certificate*- there is a web page there returning
> a message of "Site not found", "404 There isn't a GitHub Pages site
> here".
>
> *I* don't know why they have such domains resolving. It may have been
> simpler to configure the dns server that way, or perhaps they just
> missed it. The funny think is, I don't think there's a way to create a
> page in helloworld.sac001.github.io or openpgpkey.sac001.github.io, so
> these sites are mostly useless (if not directly problematic such as in
> WKD case), and I guess that's why noone really bothered about the
> invalid certificate for them (which isn't easy to solve, either).
>
> I don't know what process you used to contact GitHub support, but the
> question to ask would be precisely this:
> > Why is there something on https://openpgpkey.sac001.github.io ? How
> > can I modify it? If there is not, could you make it not to resolve?
>
>
>
> The reasons why it is picked has been, I think, explained already many
> times in this thread.

In this whole thread here there have been made a lot arguments from all
involved people, which is of course good!

Non technically spoken (let us forget for a moment DNS, SSL, wildcards etc.)

If you or someone else set's up a web server, for a big organisation or for
yourself, you simple put in the .well-known folder some content which would look
most likely then like this:

http://domain.tld/.well-known/etc... or maybe
https://sub.domain.tld/.well-known/etc...

If someone writes now a program which needs to access content in the
well-known folder, why does a software author needs to implement two methods to
access the well-known folder? This part for example I do not understand,
because if one method is not good or secure enough I would simply drop
one method an implement only the more secure and more reliable one, or not?

The situation we now have is that we have two popular OpenPGP apps
which handle the access to the well-known openpgp directory differently,
which nobody can deny.

Let's assume the following GitHub and Werner would have a meeting
and they would find no consensus. I for example can say I don't care
about a draft and happily promote sequoia-pgp usage over GnuPG
usage, in case OpenPGP users would like to use GitHub and WKD
for a multi-purpose OpenPGP too. That would Werner and a couple
of other probably pi*#-off very much but I do not have done something
wrong and people are allowed to do the same.

So in the end I personally think that It can't be wrong if Werner would
discuss this and would act accordingly in a way that we all have
a clear overview of his WKD project. I for example have found a WKD
Golang library which, when noodling a bit around, I can customize to
my hearts content for other crypto apps and then can present a WKD
solution, based on the direct method for other non-OpenPGP software.

Since this is all OpenSource and no commercial licensed software
people have many options without following a draft ...

My intention was only to promote WKD OpenPGP usage for github.io
pages in case people like the idea.

How did I contacted GitHub? I simply used their contact form
filled in my request and received then a support ticket and
at the end I was asked to fill out a customer survey, e.g quality
etc. of the support I received. That is common with almost all
U.S. based companies.

Best regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Fri, Jan 15, 2021 at 07:56:16AM +0100, Stefan Claas <spam.trap.mailing.lists@gmail.com> wrote:

> On Fri, Jan 15, 2021 at 2:04 AM raf via Gnupg-users
> <gnupg-users@gnupg.org> wrote:
>
> [...]
>
> > I'm really not an expert, and the above might not make
> > any sense. I'm just thinking aloud.
>
> Me neither ... :-) For me, the questions I had is still unresolved
> when it comes to properly explaing what security implication
> it gives, when for example sequoia-pgp can handle this and
> why the draft explicity says it MUST use the advanced-method
> first.
>
> Don't you think when GitHub, a major player, would have an invalid
> SSL cert, that maybe one of the millions programmers there would not
> have contacted GitHub, like I did, and say hey GithHub you serve
> the global community and visitors an invalid SSL certificate?

I would. But that doesn't seem to have happened. I can
only assume that github.io users aren't making much
using sub-sub-domains of their sub-domains, or if they
are, then they are not using TLS with those
sub-sub-domains, so the invalid certificate isn't
causing them any issues.

Github could probably create valid wildcard
certificates for sub-sub-domains (now that letsencrypt
supports wildcard certificates), but it seems that they
only have one certificate that covers their domains and
sub-domains, but they then hand them out for
sub-sub-domains as well. That is very odd behaviour on
their part. They must know that that is an invalid use
of their certificate. They are very clever people.

> I must admit that I also do not understand what you
> mean with sus-sub domains.

It's sub-sub-domain, not sus-sub-domain. Sorry if I
mistyped it.

The "sub-domain" is the sub-domain of github.io, e.g.:

sac001.github.io

The "sub-sub-domain" is the sub-domain of a sub-domain, e.g.:

openpgpkey.sac001.github.io

Github's web server is handing out the same certificate
for both your sub-domain and your sub-sub-domain, even
though it is not valid for your sub-sub-domain. It is
only valid for the following hostnames which includes
your sub-domain (but not your sub-sub-domain):

www.github.com
*.github.com
github.com
*.github.io
github.io
*.githubusercontent.com
githubusercontent.com

You can see this for yourself in Firefox, by going to
https://sac001.github.io/, clicking on the padlock,
then clicking on the right "arrow" to the right of
"Connection secure", then clicking on "More
information".

Github's web server should really just hand out this
certificate for hostnames that are covered by it, but
instead, they hand it out for sub-sub-domains that are
not covered by it.

The best solution would be for github, when handing out
sub-domains, to register a letsencrypt wildcard
certificate for that sub-domain's sub-sub-domains. In
your sub-domain's case, such a certificate would cover:

*.sac001.github.io.

But there is no certificate that covers that sub-sub-domain.
That's why browsers complain if you go to
https://openpgpkey.sac001.github.io/.

I think that letsencrypt didn't originally support
wildcard certificates. That might have something to do
with what github are doing. But they do support them
now, so this could be fixed by github. But there might
have to be a reasonable number of users asking for it,
for that to happen. It would take some effort on
github's part to fix this, and there's probably no
money in it for them.

> My GitHub page is sac001.github.io and not foo.bar.github.io
> or whatever.

Yes, but openpgpkey.sac001.github.io is a
sub-sub-domain and it is instrumental in the advanced
method. When a WKD client attempts to fetch a key for
stefan@sac001.github.io, they try to resolve that
sub-sub-domain, and the DNS resolution succeeds, and
the webserver hands out a certificate for that domain
which happens to be invalid.

> If Werner had told me/us, hey look, according to my draft
> the advanced method MUST been used because of this and that
> security implication and it is not allowed in this case to fall back
> if an (for WKD) invalid cert is present, because of this/that security
> issue, I guess then I had a better understanding and then I guess
> also the sequoia team would never had done it so that it works
> with sequoia-pgp.

I think that's exactly what this part of the draft is saying:

3.1. Key Discovery

...

There are two variants on how to form the request URI: The advanced
and the direct method. Implementations MUST first try the advanced
method. Only if the required sub-domain does not exist, they SHOULD
fall back to the direct method.

It just doesn't include the background rationale for
the algorithm in amongst the algorithm. That's probably
discussed elsewhere. But I haven't read the draft. I'm
just copying and pasting from an earlier message in
this thread. Perhaps the rationale is in the draft or
other related documents.

I agree that, whenever instructing someone to do
something, it's a great idea to explain why they need
to do it, if only because it has been shown to
dramatically increase acceptance of the instructions,
but that has to be balanced against the readability of
a document, and the needs of its intended audience.
Writing is hard. It's very difficult for any single
document to satisfy all the needs of all possible
audiences. There have been 11 versions of the draft so
far. I expect that if the rationale isn't in the draft
itself, it has probably been discussed in IETF or GnuPG
forums.

> Regards
> Stefan

cheers,
raf


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Fri, Jan 15, 2021 at 07:56:26AM +0100, Andr? Colomb <andre@colomb.de> wrote:

> Am 15. Januar 2021 01:56:04 MEZ schrieb raf via Gnupg-users <gnupg-users@gnupg.org>:
> >But of course, you're not asking for that. You're just
> >asking for something to work. There must be other ways.
> >Accepting invalid certificates might just have been my
> >first thought at how to deal with this. But that would
> >enable the advanced method to work (in situations where
> >it shouldn't). If I remember correctly (possibly not),
> >you wanted the direct method to work, and github.io's
> >mis-configuration of certificates caused the advanced
> >method to be attempted and fail, before the direct
> >method could even be attempted.
>
> I'll try to complete your summary. The DNS wildcard entry for
> *.example.github.io leads to the advanced method being tried. We can't
> change that entry, and therefore with the current protocol draft, it
> makes no sense forcefully wanting to use the direct method.
>
> It's easy to set up the advanced method there. But GitHub uses an
> invalid TLS certificate for openpgpkey.example.github.io. That's what
> needs fixing and it is also out of our control.
>
> So basically Stefan's request is to change the protocol to work around
> a misconfiguration because both DNS and the TLS certificate are
> controlled by a company that offers the service totally unrelated to
> WKD. Such a workaround could hurt the ecosystem because it may hide a
> misconfiguration in setups where the operator does have control over
> these things and just needs to notice.

That's why I thought maybe a skip list might be useful,
rather than automatically failing over to the direct
method in all cases where the advanced method is
mis-configured in some way. The user-controlled skip
list could be used in cases where the user knows that
the server administrators aren't going to fix their
system. I can totally understand a reluctance to add
workarounds to other people's bugs into your own
software. I've done that and wasn't happy about it.
But I imagine that a skip list to avoid the advanced
method for certain
known-to-be-permanently-misconfigured domains is
probably a minor instrusion into the code. But I'm just
guessing.

And for it to be of any use, github.io would have to be
in the list by default, so that all users "benefit"
from it without knowing in advance that they need it.
Of course, if github.io ever do fix their TLS system,
they would need to be removed from the skip list, which
presumably wouldn't happen until they next upgrade
gnupg. That would be a problem.

Trying to be pragmatic in the face of other people's bugs
can get tacky.

Hmm, does github itself have a bug-tracking system? :-)

> >OK. I just had a look at https://wiki.gnupg.org/WKD and
> >it doesn't refer to "advanced" or "direct" methods. It
> >seems to consider the "direct" method as the main
> >method, and the "advanced" method as a "Stopgap method"
> >which is "Not recommended - but a temporary
> >workaround". So having an additional mechanism to
> >disable the "advanced" method sounds reasonable. Or
> >maybe the wiki page needs to be updated(?).
>
> Sorry, you just misread that part. The stopgap solution is to use a
> server operated by openpgp.org instead of your own web server. For
> that to work, you must set up the advanced method for WKD on your
> domain's DNS. That method is perfectly fine and in some scenarios even
> easier to use.

Thanks for that. That makes more sense. I thought the
advanced method sounded quite sensible. :-)

> Kind regards
> Andr?
>
> Hi raf,
>
> thanks for your perspective on the matter.
>
> --
> Greetings...
> From: Andr? Colomb <andre@colomb.de>

cheers,
raf


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Sat, Jan 16, 2021 at 1:45 AM raf via Gnupg-users
<gnupg-users@gnupg.org> wrote:

> But there is no certificate that covers that sub-sub-domain.
> That's why browsers complain if you go to
> https://openpgpkey.sac001.github.io/.

A quick question, if you don't mind. Why do people here on this ML
insist on a sub-sub domain, named openpgpkey? Have you
ever maintained a web server? I am not using the html protokoll
that much, but for me the openpgpkey part in, the for me fictious, URL,
causes this error, because GnuPG or gpg4win is looking for this.

I ask, because for me the proper URL would be:

https://sac001.github.io/.well-kown/openpgpkey/etc..

And therefore I see absolutely no reason why GitHub or anybody
else should change their valid SSL cert(s) or do elsewhere some
mumbo jumbo, so to speak.

And even if people had to set-up this extra steps for the advanced
method than at least there is still some room for explaining while
then using also the direct method, or not, because of the name
'advanced', which tells me it has higher priotity than direct.

I must say good night now.

Best regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 2021-01-15 at 20:34 +0100, Stefan Claas via Gnupg-users wrote:
> If you or someone else set's up a web server, for a big organisation
> or for yourself, you simple put in the .well-known folder some
> content which would look most likely then like this:
>
> http://domain.tld/.well-known/etc... or maybe
> https://sub.domain.tld/.well-known/etc...


Right. For instance, you would use either
https://300baud.de/.well-known/...
https://openpgpkey.300baud.de/.well-known/...


> If someone writes now a program which needs to access content in the
> well-known folder, why does a software author needs to implement two
> methods to access the well-known folder? This part for example I do
> not understand, because if one method is not good or secure enough I
> would simply drop one method an implement only the more secure and
> more reliable one, or not?

Because the specification says that it can be in those two places. It
could have stated only one, or a dozen. Or even, "start following links
from the main index and stop after you find the first pgp key".


> The situation we now have is that we have two popular OpenPGP apps
> which handle the access to the well-known openpgp directory
> differently, which nobody can deny.

They differ *slightly*. Only if the first location exists but fails.
But yes, they differ, as agreed by everyone.


> I for example can say I don't care about a draft and happily promote
> sequoia-pgp usage over GnuPG usage, in case OpenPGP users would like
> to use GitHub and WKD for a multi-purpose OpenPGP too. That would
> Werner and a couple of other probably pi*#-off very much but I do not
> have done something wrong and people are allowed to do the same.

Of course, you could. Or you could simply say: the pgp key of
<user>@<domain>.com shall be at https://www.<domain>.com/<user>.pub

That would be following a completely different "standard", but it would
be perfectly fine, too. The beauty of standards is to get everyone
following the same rules and not a https://xkcd.com/927/ situation
though.

A standard allows people to know where to place their keys in a place
it will be looked for, and the clients to know where they should look
for them and how to act.



> My intention was only to promote WKD OpenPGP usage for github.io
> pages in case people like the idea.

This was a good idea, but github pages don't seem to support being used
for WKD (due to the mentioned wildcard issues).


Best regards



_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Sat, Jan 16, 2021 at 2:25 AM Ángel <angel@pgp.16bits.net> wrote:
>
> On 2021-01-15 at 20:34 +0100, Stefan Claas via Gnupg-users wrote:
> > If you or someone else set's up a web server, for a big organisation
> > or for yourself, you simple put in the .well-known folder some
> > content which would look most likely then like this:
> >
> > http://domain.tld/.well-known/etc... or maybe
> > https://sub.domain.tld/.well-known/etc...
>
>
> Right. For instance, you would use either
> https://300baud.de/.well-known/...
> https://openpgpkey.300baud.de/.well-known/...
>
>
> > If someone writes now a program which needs to access content in the
> > well-known folder, why does a software author needs to implement two
> > methods to access the well-known folder? This part for example I do
> > not understand, because if one method is not good or secure enough I
> > would simply drop one method an implement only the more secure and
> > more reliable one, or not?
>
> Because the specification says that it can be in those two places.

Do I understand you correctly that if one uses now a subdomain
like https://keys.300baud.de/.well-known/etc ... this would work
and if so why does it not work with:
https://sac001.github.io/.well-known/etc...

I ask because in my set-up which I would use I would do so
and then add in the SSL cert a subdomain wildcard entry
to cover host a and host b and like explained I would
put keys from all in the WKD directory of host keys.

Best regards
and Good Night
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 2021-01-16 at 02:32 +0100, Stefan Claas via Gnupg-users wrote:
> Do I understand you correctly that if one uses now a subdomain
> like https://keys.300baud.de/.well-known/etc ... this would work

No. keys.300baud.de would work only for email@keys.300baud.de

However, for email@300baud.de, you can use openpgpkey.300baud.de


> and if so why does it not work with:
> https://sac001.github.io/.well-known/etc...

Because there is a https://openpgpkey.300baud.de which higher priority
(and a certificate error, etc, etc)


> I ask because in my set-up which I would use I would do so
> and then add in the SSL cert a subdomain wildcard entry
> to cover host a and host b and like explained I would
> put keys from all in the WKD directory of host keys.

You don't need a wildcard entry. You could simply request a certificate
with the right name that will be needed.


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 2021-01-16 at 02:20 +0100, Stefan Claas wrote:
> On Sat, Jan 16, 2021 at 1:45 AM raf wrote:
>
> > But there is no certificate that covers that sub-sub-domain.
> > That's why browsers complain if you go to
> > https://openpgpkey.sac001.github.io/.
>
> A quick question, if you don't mind. Why do people here on this ML
> insist on a sub-sub domain, named openpgpkey? Have you
> ever maintained a web server? I am not using the html protokoll
> that much, but for me the openpgpkey part in, the for me fictious,
> URL, causes this error, because GnuPG or gpg4win is looking for this.

Because that's what the specification says.

It's like you wanted to visit "google.com" and your browser said:
"Ok, I will see if www.google.com exists and if so, show you
https://www.google.com (not https://google.com), but if there is no
www. subdomain I will try showing https://google.com directly"†


sequoia also goes to the openpgpkey.domain.tld url first. The
difference with gnupg is in their treatment of errors.







† NB: this is a fictitious example. While browsers do have some
heuristics if the provided domain fails, like prepending a "www." or
making a web search, I know of no browser doing that *before* . Using a
www. for web addresses is just a convention. Although we could have
ended in this situation if things had developed slightly different.


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Sat, Jan 16, 2021 at 02:20:17AM +0100, Stefan Claas <spam.trap.mailing.lists@gmail.com> wrote:

> On Sat, Jan 16, 2021 at 1:45 AM raf via Gnupg-users
> <gnupg-users@gnupg.org> wrote:
>
> > But there is no certificate that covers that sub-sub-domain.
> > That's why browsers complain if you go to
> > https://openpgpkey.sac001.github.io/.
>
> A quick question, if you don't mind. Why do people here on this ML
> insist on a sub-sub domain, named openpgpkey?

Because that's how WKD is defined to work.

> Have you ever maintained a web server?

Yes (but that's not really relevant).

> I am not using the html protokoll that much, but for me the openpgpkey
> part in, the for me fictious, URL, causes this error, because GnuPG or
> gpg4win is looking for this.

It's not fictitious. WKD client try to resolve it (i.e.
look it up via the DNS protocol), and github's DNS
servers successfully return several IP addresses for it.
Therefore, as far as github, the owner of the domain, is
concerned, it is real and therefore not fictitious.

> I ask, because for me the proper URL would be:
>
> https://sac001.github.io/.well-kown/openpgpkey/etc..

What you refer to as "proper" is just the direct method.
That's only half of the WKD protocol. There is also the
advanced method. Both methods together comprise the WKD
protocol.

> And therefore I see absolutely no reason why GitHub or anybody
> else should change their valid SSL cert(s) or do elsewhere some
> mumbo jumbo, so to speak.

If their SSL cert were valid for your sub-sub-domain,
there would be no reason to change, but as has been
pointed out many many times, their certificate is only
valid for the domains that it is valid for. It is not
valid for anything else, and the domain
openpgpkey.sac001.github.com is one of the domains for
which github's certificate is not valid.

If this seems like mumbo jumbo to you, please accept
that it really isn't. It's just that you aren't
familiar enough with all of the protocols involved. And
if that's the case, you can't with any confidence
assert that github's certificate is valid (for anything
other than the domains that are bound to the
certificate).

> And even if people had to set-up this extra steps for the advanced
> method than at least there is still some room for explaining while
> then using also the direct method, or not, because of the name
> 'advanced', which tells me it has higher priotity than direct.

It has been explained a few times already. But if the
explanations aren't making sense, perhaps you need more
background information in order to understand the
explanations that have been given. Perhaps you could
read up on DNS and TLS and WKD. I'd recommend the
O'Reilly books on Bind and OpenSSL. There are probably
free online resources but those books are good. But
maybe I just like books for learning big new subjects.
And also the WKD draft, of course. Sorry to suggest a
pile of reading material, but I can't think of a better
way to learn the relevant topics.

> I must say good night now.
>
> Best regards
> Stefan

cheers,
raf


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Sat, Jan 16, 2021 at 11:07 PM Ángel <angel@pgp.16bits.net> wrote:

> You don't need a wildcard entry. You could simply request a certificate
> with the right name that will be needed.

Yes, for me as little nobody that is correct. But I guess we should not
forget the real host masters dealing with a couple (of growing) more
hosts under sub-domains and for ease of use with management of
these.

That is the reason IMHO why a giant like GitHub is using wildcard subdomains
and like I said in my bund.de example etc. this would be IMHO a valid reason
too if they figure out, hey WKD is pretty cool for an inhouse key distribution
management.

Best regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Sun, Jan 17, 2021 at 12:09 AM raf via Gnupg-users
<gnupg-users@gnupg.org> wrote:
>
> On Sat, Jan 16, 2021 at 02:20:17AM +0100, Stefan Claas <spam.trap.mailing.lists@gmail.com> wrote:
>
> > On Sat, Jan 16, 2021 at 1:45 AM raf via Gnupg-users
> > <gnupg-users@gnupg.org> wrote:
> >
> > > But there is no certificate that covers that sub-sub-domain.
> > > That's why browsers complain if you go to
> > > https://openpgpkey.sac001.github.io/.
> >
> > A quick question, if you don't mind. Why do people here on this ML
> > insist on a sub-sub domain, named openpgpkey?
>
> Because that's how WKD is defined to work.
>
> > Have you ever maintained a web server?
>
> Yes (but that's not really relevant).
>
> > I am not using the html protokoll that much, but for me the openpgpkey
> > part in, the for me fictious, URL, causes this error, because GnuPG or
> > gpg4win is looking for this.
>
> It's not fictitious. WKD client try to resolve it (i.e.
> look it up via the DNS protocol), and github's DNS
> servers successfully return several IP addresses for it.
> Therefore, as far as github, the owner of the domain, is
> concerned, it is real and therefore not fictitious.
>
> > I ask, because for me the proper URL would be:
> >
> > https://sac001.github.io/.well-kown/openpgpkey/etc..
>
> What you refer to as "proper" is just the direct method.
> That's only half of the WKD protocol. There is also the
> advanced method. Both methods together comprise the WKD
> protocol.

And in the case of GnuPG and gpg4win it does not work
like one would expect, if the direct method is part of the
protocol, because it will not be triggered if an error occurs
with the advanced method.

>
> > And therefore I see absolutely no reason why GitHub or anybody
> > else should change their valid SSL cert(s) or do elsewhere some
> > mumbo jumbo, so to speak.
>
> If their SSL cert were valid for your sub-sub-domain,
> there would be no reason to change, but as has been
> pointed out many many times, their certificate is only
> valid for the domains that it is valid for. It is not
> valid for anything else, and the domain
> openpgpkey.sac001.github.com is one of the domains for
> which github's certificate is not valid.

And that is correct and as we all have seen GnuPG and
gpg4win are not falling back to the valid direct method, while
sequoia-pgp does and gives satisfactory results. That
simple... :-)
>
> If this seems like mumbo jumbo to you, please accept
> that it really isn't. It's just that you aren't
> familiar enough with all of the protocols involved. And
> if that's the case, you can't with any confidence
> assert that github's certificate is valid (for anything
> other than the domains that are bound to the
> certificate).

You know what I like in the whole discussion most ,that people
always assume, when trying to convince me, that like
you say, that I am not familiar enough with this and
that and when I counter argument that I do not yet have received
here a simple answer, for all laymens here reading, why
can GnuPG or gpg4win not fallback or test the availabilty
of the direct-method? I thing it is a quite simple question
and nor Werner or anybody else can, so it seems, answer
this. The only satisfactory and honest answer came only
from Neal so far, explaining why it properly works with
sequoia-pgp.

> > And even if people had to set-up this extra steps for the advanced
> > method than at least there is still some room for explaining while
> > then using also the direct method, or not, because of the name
> > 'advanced', which tells me it has higher priotity than direct.
>
> It has been explained a few times already. But if the
> explanations aren't making sense, perhaps you need more
> background information in order to understand the
> explanations that have been given. Perhaps you could
> read up on DNS and TLS and WKD. I'd recommend the
> O'Reilly books on Bind and OpenSSL. There are probably
> free online resources but those books are good. But
> maybe I just like books for learning big new subjects.
> And also the WKD draft, of course. Sorry to suggest a
> pile of reading material, but I can't think of a better
> way to learn the relevant topics.

You can assume what ever you like and try to convince me,
but sorry to say this, fact is sequoia-pgp works and GnuPG
and gpg4win does not.

My advise would be that Werner thinks of proper wildcard
subdomain support, like my Github case and as already
suggested (as I have seen now) to give WKD users are
*clear* picture.

P.S. I have no problems to discuss here with everybody
this thread more, even if it is getting now a bit boring
for me. I do accept however mistakes I publicity make
or have made here, but at least the interested reader
gets a good overview how things 'work' in the GnuPG
ecosystem, if you understand what I mean ...

Best regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Sat, Jan 16, 2021 at 02:25:14AM +0100, ?ngel <angel@pgp.16bits.net> wrote:

> On 2021-01-15 at 20:34 +0100, Stefan Claas via Gnupg-users wrote:
> > My intention was only to promote WKD OpenPGP usage for github.io
> > pages in case people like the idea.
>
> This was a good idea, but github pages don't seem to support being used
> for WKD (due to the mentioned wildcard issues).

Is it a good idea, though? I'm not sure that many
people would want to change their email addresses so as
to end in @something.github.io just so that they could
then use WKD with github.io. How would that even work?

For example, sac001.github.io doesn't have an MX
record, so email can't be sent to any address with that
as the domain. Github doesn't support adding MX records
for sub-domains to their DNS servers. Even if they did,
you'd still need to set up an email server wherever the
MX record points to anyway. github.io is for setting up
web pages, not email addresses or email accounts.

I must be missing something, but I can't see how a
github.io email address can be connected to an actual
email server or email account, so I can't see how WKD
could be used in connection with github.io email
addresses.

The problem isn't just github doing DNS wildcarding
without the corresponding valid TLS wildcarding,
combined with gnupg not failing over to the direct
method when the advanced method fails. The problem is
that WKD is a protocol for automatically and reliably
mapping an email address to its corresponding public
key, and github.io doesn't support email addresses or
email accounts.

While gnupg's behaviour could be changed (in one or two
different ways) to workaround github.io's
mis-configuration (assuming there are no adverse
security or maintenance implications in doing so),
would that actually solve this problem? I don't think
it would. It wouldn't make github.io email addresses
suddenly become possible.

The only way I can see for this to work at all, is if
all WKD clients were also changed so as to be able to
use one fake "email address", solely for the purpose of
obtaining a public key (that is stored on github.io),
but then using that key to encrypt emails to a
completely different real email address (that has
nothing to do with github.io).

That seems to contradict the rationale for WKD, which
is to have a way of automatically finding the key
that you know really belongs to whoever owns the email
address that emails are being encrypted to. The above
change doesn't sound any better than the pre-WKD
situation of looking up a key from an arbitrary key
server and hoping that it's the right one.

Section 3 of the WKD draft outlines the rationale:

https://tools.ietf.org/html/draft-koch-openpgp-webkey-service-11

I know that sequoia does failover to the direct method
when the advanced method fails, but their stated reason
for doing that wasn't related to github.io. So it seems
that there are use cases where failing over to the
direct method can be helpful, but I don't see how it
can help with github.io specifically.

But that could be due to my ignorance of something
important, or just a lack of imagination. :-)
But a bit of googling seems to confirm my thinking.

https://webmasters.stackexchange.com/questions/127564/how-to-setup-domain-email-for-a-site-that-uses-github-pages
https://www.breck-mckye.com/blog/2020/05/Setting-up-a-static-site-and-personal-email-without-paying-for-hosting/

Both of these links seem to indicate that combining
email and github.io requires a separate domain that you
control, where github.io only provides the web hosting.
It doesn't provide the email address. If you have a
domain that you control, you can easily avoid the
advanced method by not implementing it. But I think
avoiding having to pay for things like a domain was
part of the rationale for this WKD+github.io proposal.

cheers,
raf


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Sun, Jan 17, 2021 at 4:52 AM raf via Gnupg-users
<gnupg-users@gnupg.org> wrote:
>
> On Sat, Jan 16, 2021 at 02:25:14AM +0100, Ángel <angel@pgp.16bits.net> wrote:
>
> > On 2021-01-15 at 20:34 +0100, Stefan Claas via Gnupg-users wrote:
> > > My intention was only to promote WKD OpenPGP usage for github.io
> > > pages in case people like the idea.
> >
> > This was a good idea, but github pages don't seem to support being used
> > for WKD (due to the mentioned wildcard issues).
>
> Is it a good idea, though? I'm not sure that many
> people would want to change their email addresses so as
> to end in @something.github.io just so that they could
> then use WKD with github.io. How would that even work?

> But that could be due to my ignorance of something
> important, or just a lack of imagination. :-)
> But a bit of googling seems to confirm my thinking.

I am not sure if you followed the whole thread but I used the term
multi-purpose usage key, for users like to going this route.

GitHub, for example, gives users the ability to host an own web page
so that users do not need to sign up for paid services in order to
create rich-content static web pages. If you would visit my GitHub
account at: https://github.com/sac001/ you would see that if you
had a GitHub account as well that you would see one of my email
addresses where I can be reached.

Regarding a multi-purpose key and WKD. I mentioned here already
that a multi-purpose usage key can be used for other tasks as well,
besides popular email. Remember only my old thread where I asked
for some volunteers in the EU, which allows them in their country
to more securely than email and also more decentralized than email
to communicate. I also mentioned in another thread Bitmessage,
which does not have an email address and works as p2p global
Network like a modern and privacy friendly replacement for email.

If you only see, let's say as an email user only, the usage of
OpenPGP software for strict email usage only, then you may
have a limited horizon, for public key cryptography, if you allow me
to say this. WKD, as nobody can deny could be IMHO a fantastic
way for decentralized key distribution, managed under the users
own control, if it would be a bit more flexible in the implementation
of GnuPG and gpg4win. That this may not be a cup of tea for MUA
only users I can understand, but it does not hurt them in any way
when they communicate the email way with their friends they always
do. The more options OpenPGP users have the better. Last but
not least if I had here proposed something that would endager
OpenPGP users in a way that I can not see you can be sure
that I would not have started this thread.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi all,

On Thu, 14 Jan 2021, Werner Koch via Gnupg-users wrote:

> On Thu, 14 Jan 2021 01:47, Ángel said:
>
>> I understand this to mean it as "only use the direct method if the
>> required sub-domain does not exist", with the SHOULD meaning that the
>> direct method is not required (not sure why, I would have probably used
>
> Right. The subdomain is actually a workaround for SRV RR. We can't
> use the latter in browser based implementation and thus need to resort
> to this hack.

Forgive my ignorance, but can someone explain, what "browser based
implementation" of WKD exists (or might exist) and/or why this is
desirable?

Shouldn't the WKD draft rather give the WKD implementation the
responsibility to use a proper dns client library? I assume other
protocols (which allow SRV records to redirect requests) do this (xmpp,
irc, ...)?

regards, Erich

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE3p92iMrPBP64GmxZCu7JB1Xae1oFAmAEB+IACgkQCu7JB1Xa
e1oQwg/9FXVLP3RCDVsSERDwF1LV/nDx9xRJZSWixyxG+v5huW/jxT1C4xdJ4M8P
6dB/4I1CQSNd4c9/MflG3wOjKR+lA1RmtiXYX2ocK2armjNf0nHoFNCqlDs87AdI
kQUm9YBwPsNeSmzZb1DnbV0oU2y0Yv7EcxJygByR7G1WSPjnxyiwXtuu5e6Lpw96
06kyEf0+jyg7x7mn0F3FseQCyBwC9pYbm57Irm+KpCAoLVtPenWdq87R1Ypp4Ez4
nJyrzaC/h2MVXGHZcGb5fBqBYJAKgY9pIQOJ005NLiPW4K2o7mrPOT/DGNOvom8H
+NjtoMKY+Iypp5OOd1juYk/p5yan65H9WWqaiLLhORd+1WENffpHwkClJqCr1Nj4
zxcyxUIuhe8EIWLqmPGW4h/40KmDzJJiFNTASV5ZlI6l2cZPeRLOLbre/yyBvRtB
EiF5lMV2iytepRntblEmFT4CVPdGNYchY8Um5PklGWp59n3zCvJ0hJyhqPwBTKNL
4WFG/raUgdTkQJZlAi+NLGt3oFzycKPqBkaXn5ArYgmgTsUKNqUp8+5OxStbKyG2
9ZEFwzrkpuK1LtuW8xf9RIlqhfnS0IuGkgKE/ZPZl3hI+sT30Isv++4PyNeNFQ9C
64LWYkEEgPNUB70Gv+PFjKku9fv8YIROiFkXJqZ/Iq7a5ngd/48=
=xq9S
-----END PGP SIGNATURE-----

On Sun, Jan 17, 2021 at 10:51 AM Erich Eckner via Gnupg-users
<gnupg-users@gnupg.org> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hi all,
>
> On Thu, 14 Jan 2021, Werner Koch via Gnupg-users wrote:
>
> > On Thu, 14 Jan 2021 01:47, Ángel said:
> >
> >> I understand this to mean it as "only use the direct method if the
> >> required sub-domain does not exist", with the SHOULD meaning that the
> >> direct method is not required (not sure why, I would have probably used
> >
> > Right. The subdomain is actually a workaround for SRV RR. We can't
> > use the latter in browser based implementation and thus need to resort
> > to this hack.
>
> Forgive my ignorance, but can someone explain, what "browser based
> implementation" of WKD exists (or might exist) and/or why this is
> desirable?

Well, Mailvelope, for example is a Browser based add-on with WKD support.
Mailvelope can be used with services like Gmail, so that you don't need a MUA.

There is also now a competing product for Mailvelope, from IIRC, the
United States,
which I have forgot.

Desireable, well, flexibilty so to speak, if you read my previous reply to raf.

BTW. WKD *Web* Key Directory for *Web* pages ... ;-)

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Sun, Jan 17, 2021 at 11:18 AM Stefan Claas
<spam.trap.mailing.lists@gmail.com> wrote:

> Well, Mailvelope, for example is a Browser based add-on with WKD support.
> Mailvelope can be used with services like Gmail, so that you don't need a MUA.
>
> There is also now a competing product for Mailvelope, from IIRC, the
> United States,
> which I have forgot.
>
> Desireable, well, flexibilty so to speak, if you read my previous reply to raf.
>
> BTW. WKD *Web* Key Directory for *Web* pages ... ;-)

I just did a quick test and downloaded Firefox and installed Mailvelope,
created a test key pair with with a fictious email address and no Web Mail
Provider configured and WKD with Mailvelope and GitHub works, same
as sequoia-pgp. Quite superb and super easy to use.

https://ibb.co/Zm21wzk

P.S. Mailvelope is also supported by our BSI and audited.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Sun, 17 Jan 2021, Stefan Claas wrote:

> On Sun, Jan 17, 2021 at 10:51 AM Erich Eckner via Gnupg-users
> <gnupg-users@gnupg.org> wrote:
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> Hi all,
>>
>> On Thu, 14 Jan 2021, Werner Koch via Gnupg-users wrote:
>>
>>> On Thu, 14 Jan 2021 01:47, Ángel said:
>>>
>>>> I understand this to mean it as "only use the direct method if the
>>>> required sub-domain does not exist", with the SHOULD meaning that the
>>>> direct method is not required (not sure why, I would have probably used
>>>
>>> Right. The subdomain is actually a workaround for SRV RR. We can't
>>> use the latter in browser based implementation and thus need to resort
>>> to this hack.
>>
>> Forgive my ignorance, but can someone explain, what "browser based
>> implementation" of WKD exists (or might exist) and/or why this is
>> desirable?
>
> Well, Mailvelope, for example is a Browser based add-on with WKD support.
> Mailvelope can be used with services like Gmail, so that you don't need a MUA.

Ah, I see. That makes sense: integrate the keyring (and thus also a WKD
client) into the webmailer. OTOH: How do web-chat clients request SRV
records? Or do they simply not work with servers, who offer their
connection information via SRV?

regards,
Erich

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE3p92iMrPBP64GmxZCu7JB1Xae1oFAmAEH74ACgkQCu7JB1Xa
e1qa4g/+IJxZDT0FpGVNCog2kXCmEJvouqxxnFrhVv62Xy3ycbOBQ8FAmOz1+3+9
NRPtonFVRBEQBk5Dd+tozIYIPC1pOLRCQPkuPr9CZ9Z+XcPWLyEtjV2FHESsWNHE
w2yI3aWfa1jpLymXNVWVpi0fmXzFS4dSsz3EU4lGWuwLbbFrBa9eg/2WEo9n15Ec
pdY2QBfAYEnzi8F9vnrkHlMDYb6uoaEbEkv4lDYIBUOocDYeLVLQaXyp4hZ154MU
qUnabQD1w9ZRhFFXz9k661Nbf8lp8xfodrqEB3FSaHoES16tlN7j18/O2a933exA
nRrdOzqGrRBJDa6UOp6HuxAZJ2bQtoDhSpOOihDC8ncAeox0Uw3dDb22FV7wDXNJ
FVaIf/ISpCDO+5H09HaNxro0Qwa/En8X1h4H7XrtfETGwgkvyPaO/zqoILGgSQsb
jCMSaDT1XUP++mtF+DR6RruizB29BkxiRMBo3cDrc4jE632MNq2sbFVWbpic3RZn
7L6OIsKWC1StmHWD1CLMgVULMBwTDveeCFEbsUpSvMCaCyyMGL2wAU4z+i2252JW
+pz4JP0cFT1YMDeBOj1VysTrCTkUzQwa//a3JooO9PolsVvHYhuPTfPAu2UMn4u1
RbakTh/2ELZKxB6VcpkmbpNYLnA+M6+u1+HiDnNOQOq4sd65qmY=
=oQdC
-----END PGP SIGNATURE-----

On Sun, Jan 17, 2021 at 12:33 PM Erich Eckner via Gnupg-users
<gnupg-users@gnupg.org> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On Sun, 17 Jan 2021, Stefan Claas wrote:
>
> > On Sun, Jan 17, 2021 at 10:51 AM Erich Eckner via Gnupg-users
> > <gnupg-users@gnupg.org> wrote:
> >>
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA256
> >>
> >> Hi all,
> >>
> >> On Thu, 14 Jan 2021, Werner Koch via Gnupg-users wrote:
> >>
> >>> On Thu, 14 Jan 2021 01:47, Ángel said:
> >>>
> >>>> I understand this to mean it as "only use the direct method if the
> >>>> required sub-domain does not exist", with the SHOULD meaning that the
> >>>> direct method is not required (not sure why, I would have probably used
> >>>
> >>> Right. The subdomain is actually a workaround for SRV RR. We can't
> >>> use the latter in browser based implementation and thus need to resort
> >>> to this hack.
> >>
> >> Forgive my ignorance, but can someone explain, what "browser based
> >> implementation" of WKD exists (or might exist) and/or why this is
> >> desirable?
> >
> > Well, Mailvelope, for example is a Browser based add-on with WKD support.
> > Mailvelope can be used with services like Gmail, so that you don't need a MUA.
>
> Ah, I see. That makes sense: integrate the keyring (and thus also a WKD
> client) into the webmailer. OTOH: How do web-chat clients request SRV
> records? Or do they simply not work with servers, who offer their
> connection information via SRV?

Oh, sorry I do not use chat clients and I am not familiar how they do it.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 2021-01-17 at 10:48 +0100, Erich Eckner wrote:
> Hi all,
>
> On Thu, 14 Jan 2021, Werner Koch via Gnupg-users wrote:
>
> > On Thu, 14 Jan 2021 01:47, ?ngel said:
> >
> >> I understand this to mean it as "only use the direct method if the
> >> required sub-domain does not exist", with the SHOULD meaning that the
> >> direct method is not required (not sure why, I would have probably used
> >
> > Right. The subdomain is actually a workaround for SRV RR. We can't
> > use the latter in browser based implementation and thus need to resort
> > to this hack.
>
> Forgive my ignorance, but can someone explain, what "browser based
> implementation" of WKD exists (or might exist) and/or why this is
> desirable?
>
> Shouldn't the WKD draft rather give the WKD implementation the
> responsibility to use a proper dns client library? I assume other
> protocols (which allow SRV records to redirect requests) do this
> (xmpp,
> irc, ...)?
>
> regards, Erich

Hi Erich

I think that would be an implementation such as https://encrypt.to/ or
a wemail that wanted to only source openpgp.js, without needing to set
up a server-side gateway to resolve SRV records.

Best,

?ngel


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 2021-01-17 at 00:28 +0100, Stefan Claas wrote:
> On Sun, Jan 17, 2021 at 12:09 AM raf wrote:
> > What you refer to as "proper" is just the direct method.
> > That's only half of the WKD protocol. There is also the
> > advanced method. Both methods together comprise the WKD
> > protocol.
>
> And in the case of GnuPG and gpg4win it does not work
> like one would expect, if the direct method is part of the
> protocol, because it will not be triggered if an error occurs
> with the advanced method.


It is part of the protocol, under certain rules:
> Only if the required sub-domain does not exist, they SHOULD
> fall back to the direct method.
(from section 3.1)

The sub-domain exists, and thus gnupg does not fall back to the direct
method.


I guess most people (still) reading this thread to be somewhat familiar
with their local driving regulation (however that is called).


Let's suppose we were all building autonomous cars, intended to be
driven? in San Serriffe, where the law stated:
> When approaching a road intersection, the driver? must first
> determine if there is a traffic light, in which case they are allowed
> to cross it if it is Green. Else, they should verify if there is a
> zebra crossing, and can go through if there is no pedestrian on it.



The current discussion is analogous to having a car approaching an
intersection where there is a red traffic light lit and a zebra
crossing with no people.

One brand of car sees the red light and stops. The other falls back to
looking at the zebra crossing and goes through.







> You know what I like in the whole discussion most ,that people
> always assume, when trying to convince me, that like
> you say, that I am not familiar enough with this and
> that and when I counter argument that I do not yet have received
> here a simple answer, for all laymens here reading, why
> can GnuPG or gpg4win not fallback or test the availabilty
> of the direct-method? I thing it is a quite simple question
> and nor Werner or anybody else can, so it seems, answer
> this. The only satisfactory and honest answer came only
> from Neal so far, explaining why it properly works with
> sequoia-pgp.

GnuPG (gpg4win is just including GnuPG) see that the advanced method is
available, so why should they fall back to the direct method?
Of course, the code *could* be changed to do that, but there should be
a reason. Similarly, some San Seriffe car owners could argue that if a
pedestrian crosses the road not on a zebra crossing, the proper action
by their car was to run over them. The car manufacturers may still
prefer not to do that.




? Or may be just "observed while it drives itself"
? Usually human, but the car in this case


> You can assume what ever you like and try to convince me,
> but sorry to say this, fact is sequoia-pgp works and GnuPG
> and gpg4win does not.

That highly depends on what you consider to be "working". You
have a certificate error on https://yourbank.de. Browser A
simply shows an error to the user. Browser B automatically goes to
http://yourbank.de, letting the user perform their banking there.

Which browser "works"?



> My advise would be that Werner thinks of proper wildcard
> subdomain support, like my Github case and as already
> suggested (as I have seen now) to give WKD users are
> *clear* picture.

There is no "wildcard subdomain support" issue for TLS certificates.
Both GnuPG and sequoia agree that the certificate presented by
github.io for the advanced method is invalid.



If you mean for wildcard DNS subdomains, that was already taken into
account months ago in the draft, it even hints at how domain owners can
avoid this issue:

> Sites which do not use the advanced method but employ wildcard DNS
> for their sub-domains MUST make sure that the "openpgpkey" sub-domain
> is not subject to the wildcarding. This can be done by inserting an
> empty TXT RR for this sub-domain.



Best regards



_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Sun, Jan 17, 2021 at 3:49 PM Ángel <angel@pgp.16bits.net> wrote:

[...]

sorry, but simply said I discovered now that a second major and trusted
contender, Mailvelope supported by BSI and audited, works also as
sequoia-pgp does. Werner and his (shrinking in numbers) supporters
should think now what do to, instead of defending something, that could
be improved. Try to see it this way, It does not hurt, I promise! :-)

I will try to find the US competitor for Mailvelope and test this as well.

P.S. Juergen, had been nice if you had posted your results with
the direct method.

Best regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Sun, Jan 17, 2021 at 4:28 PM Stefan Claas
<spam.trap.mailing.lists@gmail.com> wrote:
>
> On Sun, Jan 17, 2021 at 3:49 PM Ángel <angel@pgp.16bits.net> wrote:
>
> [...]
>
> sorry, but simply said I discovered now that a second major and trusted
> contender, Mailvelope supported by BSI and audited, works also as
> sequoia-pgp does. Werner and his (shrinking in numbers) supporters
> should think now what do to, instead of defending something, that could
> be improved. Try to see it this way, It does not hurt, I promise! :-)
>
> I will try to find the US competitor for Mailvelope and test this as well.

Ok, found it. The name is flowcrypt, a browser add-on for Gmail and it
works there too. So now we have sequoia-pgp, Mailvelope and flowcrypt.

However flowcrypt sends immediately emails because the butten say there
encrypt,sign and send. I just wrote their support to consider to optionally
copy to the clipboard, so that users have the same option like Mailvelope
and I also refered to this thread here.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Sun, Jan 17, 2021 at 9:14 AM Stefan Claas
<spam.trap.mailing.lists@gmail.com> wrote:

> Regarding a multi-purpose key and WKD. I mentioned here already
> that a multi-purpose usage key can be used for other tasks as well,
> besides popular email. Remember only my old thread where I asked
> for some volunteers in the EU, which allows them in their country
> to more securely than email and also more decentralized than email
> to communicate. I also mentioned in another thread Bitmessage,
> which does not have an email address and works as p2p global
> Network like a modern and privacy friendly replacement for email.

For Alice and Bob and their friends.

https://dead-drop.me/

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Sonntag, 17. Januar 2021 10:48:17 CET Erich Eckner via Gnupg-users wrote:
> Hi all,
>
> On Thu, 14 Jan 2021, Werner Koch via Gnupg-users wrote:
> > On Thu, 14 Jan 2021 01:47, ?ngel said:
> >> I understand this to mean it as "only use the direct method if the
> >> required sub-domain does not exist", with the SHOULD meaning that the
> >> direct method is not required (not sure why, I would have probably used
> >
> > Right. The subdomain is actually a workaround for SRV RR. We can't
> > use the latter in browser based implementation and thus need to resort
> > to this hack.
>
> Forgive my ignorance, but can someone explain, what "browser based
> implementation" of WKD exists (or might exist) and/or why this is
> desirable?

https://openpgpjs.org/ supports WKD. OpenPGP.js is used by many web
applications (see link). This is desirable to allow webmailers (and other web
applications that support OpenPGP) to lookup OpenPGP keys via WKD.

Regards,
Ingo

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Sun, 17 Jan 2021, Ingo Kl?cker wrote:

> On Sonntag, 17. Januar 2021 10:48:17 CET Erich Eckner via Gnupg-users wrote:
>> Hi all,
>>
>> On Thu, 14 Jan 2021, Werner Koch via Gnupg-users wrote:
>>> On Thu, 14 Jan 2021 01:47, ?ngel said:
>>>> I understand this to mean it as "only use the direct method if the
>>>> required sub-domain does not exist", with the SHOULD meaning that the
>>>> direct method is not required (not sure why, I would have probably used
>>>
>>> Right. The subdomain is actually a workaround for SRV RR. We can't
>>> use the latter in browser based implementation and thus need to resort
>>> to this hack.
>>
>> Forgive my ignorance, but can someone explain, what "browser based
>> implementation" of WKD exists (or might exist) and/or why this is
>> desirable?
>
> https://openpgpjs.org/ supports WKD. OpenPGP.js is used by many web
> applications (see link). This is desirable to allow webmailers (and other web
> applications that support OpenPGP) to lookup OpenPGP keys via WKD.

Ah, yes, I didn't see the possibility/need to have the keyring in the
browser (or no keyring at all) and receive keys from within the browser.
:-)

Thanks for the pointers!

And I assume, it's non-trivial or even impossible to start proper DNS
queries (for a SRV record) from within JS?

Because it seems to me, the root for this debate is in gnupg's "ab"use of
a subdomain for something which should actually be a SRV record. (Plus the
fact, that DNS wildcards and TLS wildcard certficates work differently.)

>
> Regards,
> Ingo
>

regards,
Erich

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE3p92iMrPBP64GmxZCu7JB1Xae1oFAmAEeZoACgkQCu7JB1Xa
e1prNhAAnSOXwNUZSQtpU1716Nccb1pywGpvNkKn/KWSA6kDhacKqtjs3KzOtXNW
0bppT7QaCNxAcJVKqKhbki5epNRRDdft/KM9Pw1I/c+n+TjOPS6340r7qlZXBV1c
0wlCuAPSGLvV6nl5oeGnDmQqn0uT7fT52Gt8iUQdRnrHI+u6Q/kR4SEQyDAili2A
HnN58CXotrNeihAooOoQZxc8Qlfd1DRWyAQ60wgFQX/0HTIkAaAXlPljN5DBlbAd
1c1cEFMmHAxfz5CsWS77jl9G30ysxt3JKpGy0Xr6Pe2WfEipdUBQCwMO6lS82iXo
RUFQm4ybDByXVBaqpJXCnFPZT+Mxe3gSS4BwpFwsDWMh5V7iIp1atExazsjQPc5U
UC7KldS6NqMqFhFtDn17sNATx/lKqmeh2Lze8vQ4x/tqxzNiR6tXZ43S/DJEiPsR
uo0K2h7DPFnEt34HvQeiq3bt/kPAKEwg6Lj80fWq9zA506j2elg1PlXfj/hSqEPh
rw/9CVD414uuf4W7ncF/9ijOPhO1k4hJIdv32VTWOxso8oSHIdEH+sjZwINH8ABn
Jb8eq05BVRQwsnCqSZShyaMJCVXYh9dDDe6TLebfhTS13aUzvbqqw9hhGNbSB9Xj
DCL3M9uCX8rIpcorihGsBN0Oa0yXpVwdkf8Jv2AHWiSpidsF3nw=
=Fwhi
-----END PGP SIGNATURE-----