Re: WKD proper behavior on fetch error
On Sun, Jan 17, 2021 at 10:27:24PM +0100, Stefan wrote in : On Sun, Jan 17, 2021 at 10:16 PM Juergen Bruckner via Gnupg-users wrote: Hi Juergen. Your showcase with github.io also says nothing else than that Sequoia considers an invalid certificate to be correct. That this happens in audited software says just as much about the value of the audit. Please try to accept that GitHub's SSL cert is *valid*, or do you think that a CA certifies and invalid cert? It is not valid for the requested sub-sub-domain. Just as if you would hold my passport, the passport itself might be valid, but it is not valid for you to identify yourself with. That said, welcome to my kill file. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: WKD for GitHub pages
On Tue, Jan 12, 2021 at 10:17:13PM +0100, Stefan wrote in : How can GPG solve bugs that are not in the GPG code or infrastructure? I think André did a great job explaining what the issues are. How do you think they can be addressed by GPG? If you followed the whole thread you may agree that GnuPG and gpg4win, due to the way of how WKD is implemented does not allow wildcard (sub)domains, when fetching a pub key from, for example, github.io pages, because it gives a cert error for a *valid* SSL cert, while other OpenPGP software, like sequoia-pgp, can handle this. I suggest that you or any other persons ask this question Werner, the author of GnuPG and IIRC the wkd-draft author or you ask the sequoia team how they implemented WKD, because sq.exe does it's job. Firefox gives an error on the URL https://openpgpkey.sac001.github.io/ : Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for openpgpkey.sac001.github.io. The certificate is only valid for the following names: www.github.com, *.github.com, github.com, *.github.io, github.io, *.githubusercontent.com, githubusercontent.com I don't see the valid SSL certificate you keep on insisting is there. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Five volunteers needed (EU only please)
Hi Stefan, I feel (speaking only for myself), that this subject has ventured off far enough to no longer be on topic for this list, if it ever was to begin with. While it might make for interesting reading, other forums might be more suitable for it, or even a postal only remailing club or something, I don't know. Thanks, Remco ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: new subscriber
On Fri, May 15, 2020 at 05:58:51AM -0700, Arthur wrote in <5d1e3dd6e2e4c31ae60ec2a938a53342.squirrel@giyzk7o6dcunb2ry.onion>: Hi, I'm checking if my subscription is valid. Your subscription is... This message has been digitally signed by Arthur Dasaviour ...your signature is not. Just writing that you've signed something does not make it so (from a gnupg perspective). signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
