Mailing List Archive

WKD Checker
On Sun, 17 Jan 2021 19:27:05 +0100,
?ngel wrote:
> I feel there is a need for a proper wkd test suite (as well as a
> clarifying on the draft itself the things that are coming up).

FWIW, there is Wiktor Kwapisiewicz's wkd checker:

https://gitlab.com/wiktor-k/wkd-checker
https://wkd.sequoia-pgp.org/

This is more for checking a WKD setup than checking a WKD client.

I'm sure he'd be open to issues for things that he missed.

:) Neal

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: WKD Checker [ In reply to ]
On Mon, Jan 18, 2021 at 8:43 AM Neal H. Walfield <neal@walfield.org> wrote:
>
> On Sun, 17 Jan 2021 19:27:05 +0100,
> Ángel wrote:
> > I feel there is a need for a proper wkd test suite (as well as a
> > clarifying on the draft itself the things that are coming up).
>
> FWIW, there is Wiktor Kwapisiewicz's wkd checker:
>
> https://gitlab.com/wiktor-k/wkd-checker
> https://wkd.sequoia-pgp.org/
>
> This is more for checking a WKD setup than checking a WKD client.
>
> I'm sure he'd be open to issues for things that he missed.
>
> :) Neal

Hi Neal,

thanks for chiming in here again, which you normally have not to
do and instead you could enjoy popcorn while reading this thread. :-)

I like to leave this reply here as my last post, while I know this
Mailing List is thankfully mirrored ... and links to this whole thread
are also floating around in the Internet, in related forums.

I repeat here once again GitHub has a *valid* SSL cert.

If GnuPG and gpg4win can not handle properly the
direct-method, e.g. a fallback if *for* GnuPG or gpg4win
a certificate is 'ìnvalid' and sequoia-pgp, Mailvelope etc.
can use the direct-method than it should tell us something.

As understood Damien jumped in yesterday to explain why
some JavaScript kiddies asked for a sub.sub openpgpkey
domain support (Remember the *EU funded* openpgp.js)
library used in Mailvelope can handle my github.io key.

Let's also assume that Werner, in his ivory tower, 'protected'
by the *Old* Guard is correct and I am now officially known
as retard, or whatever people like to call me, GitHub would
make changes to their IT infrastructure, so that according
to a *draft* GnuPG and gpg4win can handle this, what happens
if I invent tomorrow WKD for S/MIME and WKD for NaClbox
according to Werner's current *draft*, because many people
would like it. Should GitHub do then changes *again*?

Neal, maybe you and your team, as professionals, can explain
what the .well-kown folder in a Web root is good for, because
it is not only used for WKD and it is also used by many many
apps, for verification purposes, like one can see in my GitHub
project folder, regarding Brave verification and one can see
that a .well-known folder serves it's purpose for the direct
method if one tries Wictor's fine WKD checker with
stefan.sac001.github.io.

I finish now and I am very thankful that you jumped in for
clarification, which you should had not to do and also thanks
do dkg for suggesting clarification on dev.gnupg.org.

Best regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: WKD Checker [ In reply to ]
Hi Stefan,

On 18/01/2021 17.12, Stefan Claas via Gnupg-users wrote:
> I repeat here once again GitHub has a *valid* SSL cert.

You are right on that point. Absolutely right, seriously. It's
actually their web server configuration which is suboptimal. Those two
statements are universally true, while the rest of this thread was only
applicable to a specific context :-)

Good night.
André

--
Greetings...
From: André Colomb <andre@colomb.de>
Re: WKD Checker [ In reply to ]
On Mon, 18 Jan 2021 17:12:56 +0100,
Stefan Claas wrote:
> I repeat here once again GitHub has a *valid* SSL cert.

You're right. github has a valid TLS certificate. But that valid TLS
certificate is not valid for openpgpkey.sac001.github.io. That's just
the way it is, sorry.

:) Neal

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: WKD Checker [ In reply to ]
On Tue, Jan 19, 2021 at 9:51 AM Neal H. Walfield <neal@walfield.org> wrote:
>
> On Mon, 18 Jan 2021 17:12:56 +0100,
> Stefan Claas wrote:
> > I repeat here once again GitHub has a *valid* SSL cert.
>
> You're right. github has a valid TLS certificate. But that valid TLS
> certificate is not valid for openpgpkey.sac001.github.io. That's just
> the way it is, sorry.

Hi Neal, you don't have to say sorry ... because it is the way GnuPG
and gpg4win handles this required openpgpkey subdomain part in
their WKD advanced-method implementation, while I personally
like the direct-method to use only, which according to Wiktor's
WKD checker is properly set-up for my github.io page and most
important it is working with sequoia-pgp and Mailvelope etc. :-)

Best regards
Stefan

Best regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users