Re: [openpgp] Web Key Directory I-D -07

Werner Koch <> Tue, 13 November 2018 21:15 UTC

From: Werner Koch <>
To: Bart Butler <>
Organisation: GnuPG e.V.
Date: Tue, 13 Nov 2018 22:13:46 +0100
In-Reply-To: <> (Bart Butler's message of "Tue, 13 Nov 2018 20:35:15 +0000")

On Tue, 13 Nov 2018 21:35,

> routing in the same way for WKD as it does for incoming mail. As such,
> things like case, subaddresses with +, catch-all, etc. will

We had some internal discussion and came to the conclusion that it is
best to not care about sub-addresses in the protocol.  It should be a
MUA only thing and nobody should create a key for a subaddress.

With the help of Kristian I took a look at the 5.3 million keys on the
SKS servers and we found only 3055 unique mailboxes with a '+' in it.
After removing leading and trailing '+' as well as multiple '+'
(e.g. "c++" or "foo+bar+baz") 2697 were left which seem to be valid

Now this is definitely a minority and their owners can be asked (or
gpg-wks-client does it on the fly) to create another user-id without the

To help MUAs, I started to change gpg to strip off sub-addresses; at
least for WKD queries.

> So if I request from ProtonMail, I would
> get a key back with, and the clients could

I doubt that we can do anything about this except for adding another
user id to the key.  There would be just too many cases and that simple
protocol would be much more complex to implement and also fully lose the
property of a simple one to one match.



Thoughts are free.  Exceptions are regulated by a federal law.
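An added example, not part of the original message and not GnuPG's code: it shows why a sub-addressed mailbox breaks the one-to-one WKD match (the lookup hash covers the whole local part) and how stripping the sub-address in the client restores it. The stripping rule (exactly one '+', neither leading nor trailing) is an assumption taken from the census filter described in the message; the mailboxes are constructed.

```python
import hashlib

ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet used by WKD


def zbase32(data: bytes) -> str:
    """Encode bytes whose bit length is a multiple of 5 (SHA-1: 160 bits)."""
    bits = len(data) * 8
    if bits % 5:
        raise ValueError("bit length must be a multiple of 5")
    n = int.from_bytes(data, "big")
    return "".join(ZBASE32[(n >> s) & 31] for s in range(bits - 5, -1, -5))


def strip_subaddress(mailbox: str) -> str:
    """Drop '+tag' from the local part; leave odd cases such as 'c++' alone."""
    local, at, domain = mailbox.rpartition("@")
    if not at or not local:
        return mailbox
    head, plus, tail = local.partition("+")
    # Assumed rule: a single '+', not the first and not the last character.
    if plus and head and tail and "+" not in tail:
        return f"{head}@{domain}"
    return mailbox


def wkd_hash(mailbox: str) -> str:
    """SHA-1 of the ASCII-lowercased local part, z-base-32 encoded."""
    local = mailbox.rpartition("@")[0]
    # bytes.lower() only folds ASCII letters, non-ASCII bytes stay unchanged.
    return zbase32(hashlib.sha1(local.encode("utf-8").lower()).digest())


if __name__ == "__main__":
    # Constructed sample mailboxes.
    for mbox in ("joe.doe@example.org", "joe.doe+lists@example.org",
                 "c++@example.org", "foo+bar+baz@example.org"):
        query = strip_subaddress(mbox)
        print(f"{mbox:28} -> query {query:22} hu/{wkd_hash(query)}")
```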