ting point to attract comments on the approach.
By the way, is there something like a repository to send and discuss
pull requests against the WKD draft document? Or is it just
hand-crafted text edited by the submitter based on suggestions?
Kind regards
André
--
Gree
tions. IIUC, he is the main (and only?) draft author, so
before IETF gets formally involved, the draft proposal can be iterated
easily.
Kind regards
André
--
Greetings...
From: André Colomb
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
eetings...
From: André Colomb
hink that this logic still holds just
in case SRV records are to be used again.
So what do you think? I'm not subscribed to any IETF mailing lists, but
feel free to propose this in the relevant circles. I hereby renounce my
rights on the modified text :-)
Kind regards
André
--
Greetings..
rue, while the rest of this thread was only
applicable to a specific context :-)
Good night.
André
--
Greetings...
From: André Colomb
etter than no encryption at all, e.g. to set up an
out-of-band key verification.
Kind regards
André
--
Greetings...
From: André Colomb
, hence the
> late reply.
Sorry, I don't quite understand. Would you like a reply to be addressed
directly in addition to the mailing list?
Kind regards
André
--
Greetings...
From: André Colomb
will
not revoke their wildcard certificate just for you. Hijacking a GitHub
Pages user name seems more likely than taking over a well secured domain
hosting account.
Kind regards
André
--
Greetings...
From: André Colomb
te you. Please try
to keep the discussion productive.
Kind regards
André
--
Greetings...
From: André Colomb
n web server. For that to work, you
must set up the advanced method for WKD on your domain's DNS. That method is
perfectly fine and in some scenarios even easier to use.
Kind regards
André
Hi raf,
thanks for your perspective on the matter.
--
Greetings...
From: André Colomb
I offer to help with any problems
coming up. You should not rule out the advanced method yet. Depending
on your setup, it might actually be the easier route if wildcard domains
are involved.
Kind regards
André
--
Greetings...
From: André Colomb
.
Kind regards
André
--
Greetings...
From: André Colomb
ve avoided this long
> thread. :-)
I couldn't resist trying to help Stefan understand where the error lies,
so apologies for my share of the message flood :-)
Kind regards
André
--
Greetings...
From: André Colomb
c even explicitly
mentions one possible pitfall including a solution.
Reactions to that kind of misconfiguration should also be standardized in the
spec. That's all there is to criticize, IMHO.
Kind regards
André
--
Greetings...
From: André Colomb
needs to "noodle around with domain settings". It points you to the
right spice to add just in case your domain settings are already a
noodle soup.
Kind regards
André
--
Greetings...
From: André Colomb
Hi Stefan,
On 13/01/2021 17.07, Stefan Claas wrote:
> On Wed, Jan 13, 2021 at 10:22 AM André Colomb wrote:
>
>> So the core problem, as with Stefan's case, is the lack of control over
>> the domain's DNS settings. Which the WKD mechanism relies upon to
>> delegate trust
ent WKD Internet
Draft. At least a clarification and maybe some adjustments to the
advised fall-back behavior would be in order. Let's see what Werner has
to say about it and if there are yet unclear reasons for the currently
specified way.
Kind regards
André
--
Greetings...
From: André Colomb
sac001.github.io, the certificate is *valid*. Nobody ever
questioned that. But it doesn't mean the above is untrue.
Stay safe.
André
--
Greetings...
From: André Colomb
ind that scheme :-) So, only anonymous in
theory.
Kind regards
André
--
Greetings...
From: André Colomb
rd domains and invalid TLS
certificates as github.io.
Kind regards
André
--
Greetings...
From: André Colomb
ey have every right to not care about OpenPGP at all and
let WKD requests fail ungracefully. Even the right to serve an invalid
wildcard certificate for sub-subdomains (which is still bad though).
Sorry for the long read, but I hope it clarifies the situation.
Regards
André
--
Greetings...
From: André Colomb
eing with your proposal. I don't mind to be proven wrong if it was
in fact my misunderstanding.
Kind regards
André
--
Greetings...
From: André Colomb
erver side, compared to the two DNS queries you need to make either
way.
Hope that helps.
André
--
Greetings...
From: André Colomb
hings on the domain.
In your setup, the valid TLS certificate for sac001.github.io is the
only one you'll get, so the "Direct" method fits perfectly.
Nice idea actually, but you'd have to check if GitHub actually allows
such use for "arbitrary" data distribution.
Good
here:
https://metacode.biz/openpgp/web-key-directory
It reports that the policy file is missing, which I think is a hard
requirement, no?
Also make sure that the MIME content type and
Access-Control-Allow-Origin headers are set correctly.
Kind regards,
André
--
Greetings...
From:
Hi Patrick,
>The Thunderbird developers and I have therefore agreed that it's much
>better to implement OpenPGP support directly in Thunderbird. The set of
>functionalities will be different than what Enigmail offers, and at
>least initially likely be less feature-rich. But in my eyes, this is
On 2018-01-22 18:06, André Colomb wrote:
>> the systemd user service takes care of automatically launching the
>> gpg-agent when the user connects to it via the ssh-agent protocol, so
>> this isn't required when using systemd.
>
> I can't see how it does that in my package
nt.socket unit file anywhere?
Any other ideas on how to debug this? What logging should I enable for
gpg-agent and how?
Btw. it affects both my Yubikey as well as file-based authentication
subkeys, so not specific to scdaemon apparently.
Regards
André
--
Greeting
s far, but today I found out that
updatestartuptty suffices.
Strange thing is, I could use the GPG part of gpg-agent already before
issuing that command. Why does that behave differently?
Can something be done to the systemd user unit file so the process gets
told the correct $DISPLAY at leas
ast gives some indication,
but is not easy data to interpret.
Did I miss some option here, or are any such additions planned?
Regards
André
--
Greetings...
From: André Colomb <an...@colomb.de>
-
Greetings...
From: André Colomb <an...@colomb.de>