On Wed, Jan 13, 2021 at 11:45 PM André Colomb <an...@colomb.de> wrote:
>
> On 13 January 2021 21:44:07 CET, Stefan Claas via Gnupg-users
> <gnupg-users@gnupg.org> wrote:
> >Hi Juergen,
> >
> >looks like you are a bit upset, like probably others as well.
>
> I hope others don't mind me speaking in their names. Stefan, we are upset by
> you making false accusations about which software does something right or
> wrong. Both pieces of software are reacting differently to an error which lies
> in your TLS certificate usage (as several people have proven multiple times).
> You're not even to blame for that root cause, because it is not under your
> control. Don't only look at the end result, but please try to understand that
> the cause lies deeper than just the spec or the clients you tried.

I am fully ok with that. All my replies here were not intended to "accuse"
someone!

In my OP I kindly asked if a kind soul can help me and IIRC it was mentioned
that the direct method is fine and I figured out that GnuPG seems not to try
the direct method while sequoia-pgp tries the direct method.

It would have been *really* nice if Werner had chimed in, like Neal, and had
explained by himself why it is definitely a no-go to try the direct method
first, or in case why when the advanced method failed it does not try the
direct method and what security implications this has.

Maybe, I don't know, readers here on the ML are asking themselves now why do we
have two methods, e.g. what is their purpose and what information can one gain
from an IMHO very nice WKD checker Wiktor has created.

If the draft will be changed in the future to only allow the advanced method
and the direct method will be dropped, ok, I have to accept this, for GitHub
usage and whatever sites have a similar set-up, and that's it. Then maybe a
question from readers may come up, why it was dropped, when it was implemented
in the first place, regardless of GitHub etc.

> >I am not aware how their network is set-up and it is not my business,
> >but would you not agree that it would be very nice to have a wildcard
> >subdomain solution, for all their inhouse offices and employees email
> >addresses, while managing themselves key distribution?
>
> It's a little unclear what *exactly* you mean with "a wildcard subdomain
> solution". WKD can work perfectly with wildcards involved, both on the DNS
> and TLS levels. But such things can be misconfigured and the spec even
> explicitly mentions one possible pitfall including a solution.

I think I have explained, at least for an expert like you, my set-up for
300baud.de, I would use. As soon as time permits I will do this, even if
this costs me money I can spend for other things.
But it gives me then a better overview and I can correct myself while
thinking my set-up would be equal to GitHub's set-up. In case I get stuck
I would like to ask you for advice.

Please note: I will not use the advanced method, I like to see if this will
work with sequoia-pgp and GnuPG.

Regards
Stefan