On Samstag, 9. Januar 2021 20:50:54 CET Stefan Claas via Gnupg-users wrote: > On Sat, Jan 9, 2021 at 8:08 PM Stefan Claas > <spam.trap.mailing.li...@gmail.com> wrote: > > host sac001.github.io > > sac001.github.io has address 185.199.111.153 > > sac001.github.io has address 185.199.109.153 > > sac001.github.io has address 185.199.110.153 > > sac001.github.io has address 185.199.108.153 > > > > works as well and why can sequoia-pgp handle this and not GnuPG, > > or gpg4win? Couldn't they not fall back then as well to the direct method? > > Wrong wording, not fall back but try direct method if for advanced method > a cert error occurs.
The spec explicitly says: "Only if the required sub-domain does not exist, they SHOULD fall back to the direct method." Do you really think it would be a good idea if an application like gpg would simply ignore a certificate error and then try something else? Missing or wrong checks of server certificates are among the most common security problems in many apps because they open the door for MITM attacks. Yes, I know you don't suggest that gpg retrieves the key via the subdomain if the certificate check for the subdomain fails, but I still think it's wrong to ignore a potential security problem and try something else, unless the user told gpg explicitly to use the direct method only. (I haven't checked if there's an option for this.) Apparently, sequoia-pgp chose usability over following the spec to the letter. I hope they considered possible security implications. Regards, Ingo
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
