On Monday, 31 January 2022 15:58:22 CET Piotr Morgwai Kotarbinski via Gnupg-users wrote:
> I have a public key with a photo-ID uploaded to WKD at my domain and when I
> download it manually and import to gpg, everything works as expected:
[...]
> However if I try to locate the same key automatically using WKD mechanism,
> then the attached photo-ID is not imported into my keyring:
[...]
> Is this intended or is it a bug?

Yes, this is intended. Keys retrieved via WKD are always imported with the 
equivalent of the import filter {keep-uid=<email address used for WKD 
retrieval>}.

The reasoning is that only user ids matching the email address used to 
retrieve the key via WKD can be somewhat trusted (if you trust the people 
running the WKS). Any other user id including photo ids on the key could be 
fake, i.e. you could easily add the photo of another person as photo id to 
your key.

Regards,
Ingo

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
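
Added example, not part of the message above and not GnuPG's own code: a Python script that reads `gpg --show-keys --with-colons` output for a manually downloaded key and reports which identities would survive a `keep-uid` filter on the address used for the WKD lookup. The listing, the addresses and the simplified mailbox matching are constructed assumptions.

```python
import re

# Constructed sample of `gpg --show-keys --with-colons` output for a key with
# two text user IDs and one photo ID (uat record). All values are made up.
SAMPLE_LISTING = """\
pub:-:255:22:0000000000000001:1643640000:::-:::scESC:::::ed25519:::0:
fpr:::::::::0000000000000000000000000000000000000001:
uid:-::::1643640000::1111111111111111111111111111111111111111::Alice Example <alice@example.org>::::::::::0:
uid:-::::1643640000::2222222222222222222222222222222222222222::Alice (work) <alice@corp.example>::::::::::0:
uat:-::::1643640000::3333333333333333333333333333333333333333::1 5120::::::::::0:
sub:-:255:18:0000000000000002:1643640000::::::e:::::cv25519::
"""

def mailbox(user_id):
    """Simplified mailbox extraction (assumption): <addr> if present, else a bare addr."""
    m = re.search(r"<([^<>@\s]+@[^<>@\s]+)>", user_id)
    if m:
        return m.group(1).lower()
    if re.fullmatch(r"[^<>@\s]+@[^<>@\s]+", user_id):
        return user_id.lower()
    return None

def split_by_keep_uid(listing, wkd_address):
    """Return (kept, dropped) identities for a keep-uid filter on wkd_address."""
    kept, dropped = [], []
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] not in ("uid", "uat") or len(fields) < 10:
            continue
        if fields[0] == "uat":
            # Photo ID: field 10 is "<subpacket count> <size>", so there is
            # no mailbox that could match the lookup address.
            dropped.append(("photo-id", fields[9]))
            continue
        # gpg escapes ':' inside user IDs as \x3a in colon listings.
        user_id = fields[9].replace("\\x3a", ":")
        target = kept if mailbox(user_id) == wkd_address.lower() else dropped
        target.append(("uid", user_id))
    return kept, dropped

if __name__ == "__main__":
    kept, dropped = split_by_keep_uid(SAMPLE_LISTING, "alice@example.org")
    for kind, value in kept:
        print("kept   ", kind, value)
    for kind, value in dropped:
        print("dropped", kind, value)
```
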
