On Tue, Jan 12, 2021 at 11:02 PM Daniele Nicolodi <dani...@grinta.net> wrote:
> The point of WKD is using the trust of the CA machinery (and the
> assumption that the email infrastructure and web servers serving a
> specific domain are run by the same organization) to securely retrieve
> OpenPGP keys associated to an email address. These keys can then be used
> to communicate with the holder of the email address.
>
> The parties in the communication are identified by email addresses.
>
> In your scheme there are no email addresses. How is retrieving an
> OpenPGP key from a random .github.io subdomain from obtaining it in any
> other untrusted way? What is the line of trust in the scheme you are
> proposing?

Please let me clarify one thing (and I do not want to play or act like a teacher, unknown to you or others).

Before PGP was invented by Mr. Zimmermann, public key cryptography did not need a Web of Trust, nor a public key which has to bear a name or an email address!

I for example use, besides OpenPGP software, also public key crypto software based on Professor Bernstein's NaCl library, with friends in the United States, Canada and Germany. This public key is a 256-bit key with not a single content of MetaData, and communicating with my friends is authenticated.

Public Key Cryptography does not mean, even if I place my publicly available key on a site, that the whole world needs to know with whom I communicate and from which channels.

It is IMHO a misunderstanding people make, new to public key cryptography, while only knowing popular OpenPGP software.

sequoia-pgp, in that respect, honors this old principle and allows, for example, also users to create a key pair which does not need a UID and therefore can act, same as NaCl box, the classic way of public key cryptography.

The reason why I like also the option for, let's say, github.io pages is that, like I have shown in the whole thread, a very well known site like GitHub, with its millions of software developers, allows one to host, via WKD, a multi-purpose usage public key without revealing too much details.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users