Alexander Lobakin <alobakin@xxxxx> writes: > From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx> > Date: Wed, 20 Apr 2022 17:40:34 -0700 > >> On Wed, Apr 20, 2022 at 5:38 PM Alexander Lobakin <alobakin@xxxxx> wrote: >> >> Again? >> >> -----BEGIN PGP MESSAGE----- >> Version: ProtonMail >> >> wcFMA165ASBBe6s8AQ/8C9y4TqXgASA5xBT7UIf2GyTQRjKWcy/6kT1dkjkF >> FldAOhehhgLYjLJzNAIkecOQfz/XNapW3GdrQDq11pq9Bzs1SJJekGXlHVIW > > ProtonMail support: > > " > The reason that some of the recipients are receiving PGP-encrypted > emails is that kernel.org is providing public keys for those > recipients (ast@xxxxxxxxxx and toke@xxxxxxxxxx specifically) via WKD > (Web Key Directory), and our API automatically encrypts messages > when a key is served over WKD. > > Unfortunately, there is currently no way to disable encryption for > recipients that server keys over WKD but the recipients should be > able to decrypt the messages using the secret keys that correspond > to their public keys provided by kernel.org. > This is applicable both to messages sent via the ProtonMail web app, > and messages sent via Bridge app. > > We have forwarded your feedback to the appropriate teams, and we > will see if we can implement a disable encryption option for these > cases. Unfortunately, we cannot speculate when we might implement > such an option. > " > > Weeeeeird, it wasn't like that a year ago. Well, they're also doing something non-standard with their WKD retrieval, so maybe that changed? GPG itself will refuse to retrieve a key that doesn't have the email address specified in the key itself: $ gpg --locate-keys toke@xxxxxxxxxx gpg: key 4A55C497F744F705: no valid user IDs gpg: Total number processed: 1 gpg: w/o user IDs: 1 gpg: error retrieving 'toke@xxxxxxxxxx' via WKD: No fingerprint Given that they do it this way, I suppose this will affect every @kernel.org address that has a PGP key attached (of which there are currently 519, according to pgpkeys.git)... -Toke
