On Mon, Jan 18, 2021 at 01:42:52PM +0100, André Colomb <an...@colomb.de> wrote:
> We need to remember that WKD is only a convenience mechanism for > discovery, not any kind of authentication. > > Kind regards > André And it's discovery that begins with an email address. I still can't work out what functionality WKD provides in a situation that isn't email-related. If you have a non email-related use case for obtaining a key, why use a non-functioning email address lookalike as a label for the key, and then require the user to use WKD client software to obtain the key, when you could even more easily just give the user a URL which can act as the label for the key, and the user could then use any simple HTTP client to obtain the key. In other words, when there is no email address, there is no link between an email address's domain and a website with the same domain (and a presumed connection between the administration of the email and web services for that domain), what functionality does WKD actually provide? It's the existence of a working email address that the user already possesses, in combination with the presumed link between the administration of a mail service and a web service, that make WKD able to provide discovery that is automatic and reliable. Without all of the above, there is no discovery, reliable or otherwise, and it's not automatic, because the user has to obtain the label first somehow. If you have to give the user a special new label that they don't already possess (because it isn't a natural email address), why can't that label be a URL instead? Why do they need special WKD software when they could use any HTTP client? What does the user gain from it? What does the key owner gain from it? Forgive me if I'm being ignorant and unimaginative, and perhaps I should just stop trying to understand, but it looks to me like a case of finding a hammer, and things starting to look more and more nail-like. There should be some benefit to be had from the additional complexity of using WKD in the absence of email, but I can't see what it is, and it hasn't been explained (unless I missed that). cheers, raf _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users