Re: distributing pubkeys: autocrypt, hagrid, WKD

2019-07-03 Thread Werner Koch via Gnupg-users
On Tue, 2 Jul 2019 15:40, konstan...@linuxfoundation.org said: > When this happens, a maintainer who tries to verify a signed pull > request will have the operation fail, so they need to have a way to > force-refresh the developer's key. I would say this is the #1 workflow Agreed. A signature c

Re: distributing pubkeys: autocrypt, hagrid, WKD

2019-07-02 Thread Wiktor Kwapisiewicz via Gnupg-users
Hi Konstantin, On 02.07.2019 21:40, Konstantin Ryabitsev wrote: Most subkey changes that I am aware of are not due to people's old subkeys expiring, but because they add new ones for reasons like migrating between smartcard solutions or just being nerdy and picking a new ECC-based subkey. Wh

Re: distributing pubkeys: autocrypt, hagrid, WKD

2019-07-02 Thread Konstantin Ryabitsev
On Mon, Jul 01, 2019 at 06:41:41PM +0200, Werner Koch via Gnupg-users wrote: On Mon, 1 Jul 2019 10:27, konstan...@linuxfoundation.org said: - subkey changes An expired key triggers a reload of the key via WKD or DANE. Modulo the problems I mentioned in the former mail. For new subkeys we h

WKD refreshing (was: distributing pubkeys: autocrypt, hagrid, WKD)

2019-07-02 Thread Bernhard Reiter
On Monday 01 July 2019 18:33:41, Werner Koch via Gnupg-users wrote: > I consider to change this so that gpg always tries to update > an expired key via the WKD. To add to this: The idea for WKD was to be able to improve the algorithm when a new search is done. It is just obvious that the extreme

Re: distributing pubkeys: autocrypt, hagrid, WKD

2019-07-01 Thread Werner Koch via Gnupg-users
On Mon, 1 Jul 2019 10:27, konstan...@linuxfoundation.org said: > - subkey changes An expired key triggers a reload of the key via WKD or DANE. Modulo the problems I mentioned in the former mail. For new subkeys we have a problem unless we do a regular refresh similar to what should be done for

Re: distributing pubkeys: autocrypt, hagrid, WKD (Re: Your Thoughts)

2019-07-01 Thread Werner Koch via Gnupg-users
On Mon, 1 Jul 2019 15:13, gnupg-users@gnupg.org said: > distribution keys in Gentoo. However, the main problem with WKD right > now is that AFAIK GnuPG doesn't support refreshing existing keys via WKD Actually gpg updates expired keys via WKD. However, to not break things and not to go out and

Re: distributing pubkeys: autocrypt, hagrid, WKD (Re: Your Thoughts)

2019-07-01 Thread Brian Minton
I'm kind of a corner case, but I can't use wkd because I don't control my top level domain for my email. I also can't use DANE for the same reason. I can and do use DNS CERT records because it allows a second-level domain. I suppose this has been discussed to death, but wouldn't it make sense to

Re: distributing pubkeys: autocrypt, hagrid, WKD (Re: Your Thoughts)

2019-07-01 Thread Brian Minton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Oops, forgot to sign it. I'm kind of a corner case, but I can't use wkd because I don't control my top level domain for my email. I also can't use DANE for the same reason. I can and do use DNS CERT records because it allows a second-level domain

Re: distributing pubkeys: autocrypt, hagrid, WKD (Re: Your Thoughts)

2019-07-01 Thread Konstantin Ryabitsev
On Mon, Jul 01, 2019 at 03:13:29PM +0200, Michał Górny via Gnupg-users wrote: The problem with autocrypt are the cases where its security measures are tested. There is no good way to interact with the users in those cases. I know this is not part of its design goals, but it works against a bet

Re: distributing pubkeys: autocrypt, hagrid, WKD (Re: Your Thoughts)

2019-07-01 Thread Michał Górny via Gnupg-users
On Mon, 2019-07-01 at 12:18 +0200, Bernhard Reiter wrote: > On Monday 01 July 2019 01:36:41, Robert J. Hansen wrote: > > Now we've got Autocrypt, WKD, and Hagrid: of these Autocrypt is probably the > > most mature and the easiest for email users. > > The problem with autocrypt are the cases where

distributing pubkeys: autocrypt, hagrid, WKD (Re: Your Thoughts)

2019-07-01 Thread Bernhard Reiter
On Monday 01 July 2019 01:36:41, Robert J. Hansen wrote: > Now we've got Autocrypt, WKD, and Hagrid: of these Autocrypt is probably the > most mature and the easiest for email users. The problem with autocrypt are the cases where its security measures are tested. There is no good way to interac