Re: Thunderbird reading Werner mail structure about How to report issues and suggest changes to the Web Key Directory specification
I'm using TB 78.7 as well and I can read Werner's posts just fine. The other issue is with the key. TB reports back that it has an uncertain signature (mismatch).

On 1/29/2021 6:02 PM, Ángel wrote:
> On 2021-01-29 at 18:41 +0100, Daniele Nicolodi wrote:
>> Hello,
>>
>> this is only to report that Thunderbird 78.7.0 is unable to make sense
>> of the MIME structure of Werner's email and it only visualizes the
>> mailing list footer as the body of the email.
>>
>> I don't know if the issue is with Thunderbird or with Werner's MUA,
>> although I suspect the first.
>>
>> Cheers,
>> Dan
>
> Hello Daniele
>
> It's probably an issue of Thunderbird, or maybe of your MTA. I have no
> issue with a different client.
>
> The original structure of Werner mail was:
>
>   multipart/signed
>     text/plain
>     application/pgp-signature
>
> After going through the mailing list, it added the mailing list footer
> as another part, so it became
>
>   multipart/mixed
>     multipart/signed
>       text/plain
>       application/pgp-signature
>     text/plain
>
> Maybe you can check if you can view an email with this structure in
> thunderbird source. If so, it's probably failing the "decryption"
> (signature checking, actually), and just returning an empty block
> there.
>
> Best regards

--
PGP Key Upon Request
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Thunderbird reading Werner mail structure about How to report issues and suggest changes to the Web Key Directory specification
On 2021-01-29 at 18:41 +0100, Daniele Nicolodi wrote:
> Hello,
>
> this is only to report that Thunderbird 78.7.0 is unable to make sense
> of the MIME structure of Werner's email and it only visualizes the
> mailing list footer as the body of the email.
>
> I don't know if the issue is with Thunderbird or with Werner's MUA,
> although I suspect the first.
>
> Cheers,
> Dan

Hello Daniele

It's probably an issue of Thunderbird, or maybe of your MTA. I have no issue with a different client.

The original structure of Werner mail was:

  multipart/signed
    text/plain
    application/pgp-signature

After going through the mailing list, it added the mailing list footer as another part, so it became

  multipart/mixed
    multipart/signed
      text/plain
      application/pgp-signature
    text/plain

Maybe you can check if you can view an email with this structure in thunderbird source. If so, it's probably failing the "decryption" (signature checking, actually), and just returning an empty block there.

Best regards
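The nesting described in the message above, as an added example that is not part of the original post: it builds a constructed message with that structure using Python's standard email package, prints the MIME tree, and separates the text that sits inside multipart/signed from the text the list software appended outside it. The body strings and the placeholder signature are made up, and the code only locates parts; it does not verify any signature.

```python
from email import message_from_bytes
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText


def build_list_copy() -> bytes:
    """Constructed sample: a PGP/MIME mail after the list appended its footer."""
    signed = MIMEMultipart("signed", protocol="application/pgp-signature")
    signed.attach(MIMEText("Body written by the sender.\n"))
    signed.attach(MIMEApplication(b"constructed placeholder, not a signature",
                                  "pgp-signature"))
    outer = MIMEMultipart("mixed")
    outer.attach(signed)
    outer.attach(MIMEText("Gnupg-users mailing list footer\n"))
    return outer.as_bytes()


def structure(part, depth=0):
    """Flatten the MIME tree into (depth, content-type) rows."""
    rows = [(depth, part.get_content_type())]
    if part.is_multipart():
        for sub in part.get_payload():
            rows += structure(sub, depth + 1)
    return rows


def text_by_coverage(part, inside_signed=False, out=None):
    """Split text parts into those inside multipart/signed and those outside."""
    out = {"signed": [], "unsigned": []} if out is None else out
    if part.is_multipart():
        inside = inside_signed or part.get_content_type() == "multipart/signed"
        for sub in part.get_payload():
            text_by_coverage(sub, inside, out)
    elif part.get_content_maintype() == "text":
        charset = part.get_content_charset() or "utf-8"
        text = part.get_payload(decode=True).decode(charset, "replace")
        out["signed" if inside_signed else "unsigned"].append(text)
    return out


if __name__ == "__main__":
    msg = message_from_bytes(build_list_copy())
    for depth, ctype in structure(msg):
        print("  " * depth + ctype)
    print(text_by_coverage(msg))
```

The footer lands in the "unsigned" list: whatever a client shows from that part is not covered by the sender's signature.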
Re: How to report issues and suggest changes to the Web Key Directory specification [was: Re: Please tackle the Right Thing]
Hello,

this is only to report that Thunderbird 78.7.0 is unable to make sense of the MIME structure of Werner's email and it only visualizes the mailing list footer as the body of the email.

I don't know if the issue is with Thunderbird or with Werner's MUA, although I suspect the first.

Cheers,
Dan

On 29/01/2021 16:09, Werner Koch via Gnupg-users wrote:
>
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
Re: How to report issues and suggest changes to the Web Key Directory specification [was: Re: Please tackle the Right Thing]
On Thu, 28 Jan 2021 21:35, Daniel Kahn Gillmor said:
> Maybe Werner can clarify what place he'd prefer and we can consolidate
> the issue tracking there.

Please send patches to gnupg-devel or if you need a bug tracker, use dev.gnupg.org with the wkd tag/project.

Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: How to report issues and suggest changes to the Web Key Directory specification [was: Re: Please tackle the Right Thing]
On Fri 2021-01-29 01:20:55 +0100, Ángel wrote:
> Oh, nice. I had only located
> https://gitlab.com/openpgp-wg/webkey-directory which stops at -08. This
> one has been further updated.

yep, see the thread starting at
https://lists.gnupg.org/pipermail/gnupg-users/2019-October/062844.html
and concluding at
https://lists.gnupg.org/pipermail/gnupg-users/2019-November/063056.html
for background on the two different repos.

> It would be very useful to know where are issues expected to be raised.
> During this thread there were a few points that would be very
> appropriate to have filled somewhere, at the very least so that they
> don't get forgotten.

I agree that having a consistent and dedicated place for issues to be filed (if they're not addressed immediately) is useful.

https://gitlab.com/openpgp-wg/webkey-directory/-/issues was intended to be that place after discussion with Werner, but it doesn't appear to have seen much use since it was created.

Maybe Werner can clarify what place he'd prefer and we can consolidate the issue tracking there.

--dkg
Re: How to report issues and suggest changes to the Web Key Directory specification [was: Re: Please tackle the Right Thing]
On 2021-01-28 at 17:27 -0500, Daniel Kahn Gillmor via Gnupg-users wrote:
> I think you can find a git repo that contains org-mode source here:
>
> git clone https://dev.gnupg.org/source/gnupg-doc.git
>
> it's in the misc/id/openpgp-webkey-service folder, and might require
> a modified version of pandoc2rfc (see the Makefile in that folder, i
> haven't tested).

It _mostly_ builds fine. There are a few quirks, in addition to "normal" dependencies (emacs, sed, pandoc, xml2rfc, xsltproc), you need to install pandoc2rfc[1] and change directly in its code "-t docbook" to "-t docbook4"

On the resulting draft, I find it considers it as created on November 1 instead of November 17, and that all quote characters did not reach there.

Best regards

1- https://github.com/miekg/pandoc2rfc
Re: How to report issues and suggest changes to the Web Key Directory specification [was: Re: Please tackle the Right Thing]
On 2021-01-28 at 17:27 -0500, Daniel Kahn Gillmor via Gnupg-users wrote:
> I think you can find a git repo that contains org-mode source here:
>
> git clone https://dev.gnupg.org/source/gnupg-doc.git
>
> it's in the misc/id/openpgp-webkey-service folder, and might require a
> modified version of pandoc2rfc (see the Makefile in that folder, i
> haven't tested).

Oh, nice. I had only located https://gitlab.com/openpgp-wg/webkey-directory which stops at -08. This one has been further updated.

(cfdc5358402e3c49be5ffe509a61b995399bb528 on gitlab is 21258d2561d3e0b88cc58286049e5fc24c9dbb1e in gnupg-doc, it misses the last 4 commits)

> I usually encourage any author of an Internet Draft to include a
> reference to their preferred issue tracker/source repo in the draft
> itself while it's in process -- the information can be stripped out
> once the draft stabilizes, or at the final stage of publication.

+1

> I've reported concerns about the draft on https://dev.gnupg.org using
> the "wkd" tag, though that tag is also used for bug reports, feature
> requests, etc for the wkd implementation in GnuPG itself:
>
> https://dev.gnupg.org/project/profile/108/
>
> I don't know whether there is a preferred way to report concerns or
> suggest problems with the spec. Perhaps Werner can suggest what he
> prefers?

+1 as well

It would be very useful to know where are issues expected to be raised. During this thread there were a few points that would be very appropriate to have filled somewhere, at the very least so that they don't get forgotten.
How to report issues and suggest changes to the Web Key Directory specification [was: Re: Please tackle the Right Thing]
On Wed 2021-01-27 22:49:13 +0100, André Colomb wrote:
> By the way, is there something like a repository to send and discuss
> pull requests against the WKD draft document? Or is it just
> hand-crafted text edited by the submitter based on suggestions?

I think you can find a git repo that contains org-mode source here:

    git clone https://dev.gnupg.org/source/gnupg-doc.git

it's in the misc/id/openpgp-webkey-service folder, and might require a modified version of pandoc2rfc (see the Makefile in that folder, i haven't tested).

I've reported concerns about the draft on https://dev.gnupg.org using the "wkd" tag, though that tag is also used for bug reports, feature requests, etc for the wkd implementation in GnuPG itself:

    https://dev.gnupg.org/project/profile/108/

I don't know whether there is a preferred way to report concerns or suggest problems with the spec. Perhaps Werner can suggest what he prefers?

I usually encourage any author of an Internet Draft to include a reference to their preferred issue tracker/source repo in the draft itself while it's in process -- the information can be stripped out once the draft stabilizes, or at the final stage of publication.

Regards,

--dkg
Re: Web Key Directory
On Fri, 26 Jul 2019 10:53:59 +0100 David wrote:

Hello David,

>https//gbenet.com/wksdirectory - will this do for my key retrieval?

AIUI, that won't work - there are specific requirements regarding key location along with directories and files and their naming that are required.

See https://wiki.gnupg.org/WKDHosting

--
 Regards  _
         / )           "The blindingly obvious is
        / _)rad        never immediately apparent"
We don't give a damn
One Chord Wonders - The Adverts
Web Key Directory
Hello All,

If I create a folder on my server "WKSDirectory" then upload my public keys to it - and then give the: https//gbenet.com/wksdirectory - will this do for my key retrieval? They then just pick the public key they want to download?

It's uncomplicated :)

David

--
People Should Not Be Afraid Of Their Government - Their Government Should Be Afraid Of The People - When Injustice Becomes Law, REBELLION Becomes A DUTY!
Join the Rebellion Today! https://gbenet.com
Hosting a Web Key Directory
Hi!

I just published how to host your own Web Key Directory on the gnupg blog.

Find below a plain text version of my blog entry
https://gnupg.org/blog/20161027-hosting-a-web-key-directory.html

Andre

1 Hosting a Web Key Directory
═════════════════════════════

With the improvements in GnuPG for Key Discovery (see: [Key Discovery Made Simple]) you may want to provide the OpenPGP keys for your domain.

The Web Key Service (WKS) describes a protocol for Mail Service Providers or large organisations to maintain a Web Key Directory (WKD) for their users.

A Web Key Directory is a static collection of keys provided under well known URLs under your domain. This directory can also be manually generated without using the Web Key Service protocol.

By providing a Web Key Directory other people (or their Mail Software) can obtain the OpenPGP keys for your domain with a simple query like:

┌
│ $ gpg --auto-key-locate wkd --locate-keys
└

In this note, I explain how to do that.

Note: An updated version of this article may be available in the [GnuPG Wiki]

[Key Discovery Made Simple]
https://www.gnupg.org/blog/20160830-web-key-service.html

[GnuPG Wiki]
https://wiki.gnupg.org/WKD#Hosting%20a%20Web%20Key%20Directory

1.1 Requirements
────────────────

• A web server that provides https with a trusted certificate for your domain.
• A client machine with Python and PyME installed (debian package python-pyme)
• The script: [generate-openpgpkey-hu] (in the [Mercurial repository "wkd-tools"])

[generate-openpgpkey-hu]
https://hg.intevation.de/gnupg/wkd-tools/raw-file/default/generate-openpgpkey-hu

[Mercurial repository "wkd-tools"]
https://hg.intevation.de/gnupg/wkd-tools/

1.2 Setup
─────────

You can either export all the keys in your keyring that belong to a domain or provide an explicit keyring containing just those keys that you want to publish.

The call:

┌
│ $ ./generate-openpgpkey-hu example.com hu
└

Will create a directory called hu containing all the keys with user ids that include @example.com.

If there are multiple valid keys for a user in your keyring this command will error out. In that case you can prepare a keyring with only the keys that you want to publish. For example:

┌
│ $ gpg --export 94A5C9A03C2FE5CA3B095D8E1FDF723CF462B6B1 | \
│ > gpg --no-default-keyring --keyring ./wkd-keyring.gpg --import
└

And then provide that keyring to generate-openpgpkey-hu:

┌
│ ./generate-openpgpkey-hu example.com hu wkd-keyring.gpg
└

1.3 Publishing
──────────────

The hu directory has to be published on your server as

┌
│ https://example.com/.well-known/openpgpkey/hu/
└

Create the directory structure and set the permissions accordingly.

This example [Makefile] automates the hu directory generation and publishing. Edit the variables at the top of the makefile to set `RSYNC_TARGET'. The `KEYRING' variable is optional and can be left empty.

That's it. You can now test your setup by calling:

┌
│ $ gpg --auto-key-locate wkd --locate-keys
└

you should see something like this:

┌
│ gpg: key AC12F94881D28CB7: public key "testuse...@test.gnupg.org" imported
│ gpg: Total number processed: 1
│ gpg: imported: 1
│ gpg: automatically retrieved 'testuse...@test.gnupg.org' via WKD
│ pub ed25519 2016-07-15 [SC]
│ 5506894357DC548CC65B0BCFAC12F94881D28CB7
│ uid [ unknown] testuse...@test.gnupg.org
│ sub cv25519 2016-07-15 [E]
└

[Makefile]
https://hg.intevation.de/gnupg/wkd-tools/raw-file/default/Makefile.example

--
Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Managing Directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
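Why the free-form folder asked about in the "Web Key Directory" thread cannot work, and what the hu directory from the post above has to contain, shown as an added example that is not part of the original posts or of the wkd-tools script. It assumes the file naming from the Web Key Directory draft (z-base-32 of the SHA-1 of the lowercased local part) and uses made-up sample values: the address Joe.Doe@Example.ORG and the URL https://example.org/wksdirectory.

```python
import hashlib
from urllib.parse import urlsplit

ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet


def zbase32(data: bytes) -> str:
    """Encode bytes as z-base-32, 5 bits per character, MSB first."""
    bits = "".join(f"{byte:08b}" for byte in data)
    bits += "0" * (-len(bits) % 5)  # pad the last group with zero bits
    return "".join(ZBASE32[int(bits[i:i + 5], 2)] for i in range(0, len(bits), 5))


def wkd_url(address: str) -> str:
    """URL a client requests for an address, using the hu/ layout from the post."""
    local, _, domain = address.rpartition("@")
    if not local or not domain:
        raise ValueError(f"not a mail address: {address!r}")
    # bytes.lower() folds ASCII letters only; non-ASCII bytes stay unchanged.
    digest = hashlib.sha1(local.encode("utf-8").lower()).digest()
    return f"https://{domain.lower()}/.well-known/openpgpkey/hu/{zbase32(digest)}"


def layout_problems(url: str, address: str) -> list:
    """Explain why a proposed key URL would not be found by a WKD lookup."""
    want, got = urlsplit(wkd_url(address)), urlsplit(url)
    problems = []
    if got.scheme != "https":
        problems.append("scheme must be https")
    if (got.hostname or "") != want.hostname:
        problems.append(f"host must be {want.hostname}")
    if got.path != want.path:
        problems.append(f"path must be {want.path}")
    return problems


if __name__ == "__main__":
    print(wkd_url("Joe.Doe@Example.ORG"))
    # Constructed URL modelled on the free-form folder asked about in the thread.
    for problem in layout_problems("https://example.org/wksdirectory",
                                   "Joe.Doe@Example.ORG"):
        print("problem:", problem)
```

The client derives the whole URL from the mail address alone, so a key stored under any other path or file name is never requested.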
Re: Web Key Directory / Web Key Service wiki page
https://wiki.gnupg.org/WKD
> === Mail Service Providers
> * (gnupg.org) Testing accounts by request for developers implementing WKS
>   in Free Software MUAs.

Posteo announced that they will fully support WKD/WKS in the next months.

https://wiki.gnupg.org/EasyGpg2016/PubkeyDistributionConcept has been completely reworked. Catching more of the design process and the current status of what changes are still being discussed. It is a 10 page document now, so I'm not posting it here (let me know, if you'd prefer this).

What do you think about these wiki-pages?

I will now see if I can approach more mail service providers.

Best Regards,
Bernhard

--
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing Directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
Web Key Directory / Web Key Service wiki page
https://wiki.gnupg.org/WKD

Feedback and help appreciated! :)
Bernhard

= Much easier Email crypto, by fetching pubkey via HTTPS

== How does it work?

As an email user, you just select the recipient(s) and can see that the email will be encrypted. If you and your peers use email-providers offering this "web key service", it works by the first email. Otherwise encryption will start after you have exchanged some emails.

Technically your email client will automatically
 * prepare for this by creating a crypto key for you and uploading it to your provider (or second best to public keyservers).
 * sign all emails so others see that you are ready for crypto (unless you opt out)
 * ask the mail provider of your recipients for their pubkeys.

An email-provider offering the "web key service" technically has to
 * provide a pubkey for each user via HTTPS
 * allow each user's email client to automatically manage the pubkey that gets published by email.

== Details / Discussion of the proposal
 * [[EasyGpg2016/PubkeyDistributionConcept]] <- the (technical) details

[..]

--
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing Directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner