Re: [PATCH v2 bpf 00/11] bpf: random unpopular userspace fixes (32 bit et al)
From: Toke Høiland-Jørgensen
Date: Wed May 04 2022 - 07:34:17 EST
Alexander Lobakin <alobakin@xxxxx> writes:
> From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
> Date: Wed, 20 Apr 2022 17:40:34 -0700
>
>> On Wed, Apr 20, 2022 at 5:38 PM Alexander Lobakin <alobakin@xxxxx> wrote:
>>
>> Again?
>>
>> -----BEGIN PGP MESSAGE-----
>> Version: ProtonMail
>>
>> wcFMA165ASBBe6s8AQ/8C9y4TqXgASA5xBT7UIf2GyTQRjKWcy/6kT1dkjkF
>> FldAOhehhgLYjLJzNAIkecOQfz/XNapW3GdrQDq11pq9Bzs1SJJekGXlHVIW
>
> ProtonMail support:
>
> "
> The reason that some of the recipients are receiving PGP-encrypted
> emails is that kernel.org is providing public keys for those
> recipients (ast@xxxxxxxxxx and toke@xxxxxxxxxx specifically) via WKD
> (Web Key Directory), and our API automatically encrypts messages
> when a key is served over WKD.
>
> Unfortunately, there is currently no way to disable encryption for
> recipients that server keys over WKD but the recipients should be
> able to decrypt the messages using the secret keys that correspond
> to their public keys provided by kernel.org.
> This is applicable both to messages sent via the ProtonMail web app,
> and messages sent via Bridge app.
>
> We have forwarded your feedback to the appropriate teams, and we
> will see if we can implement a disable encryption option for these
> cases. Unfortunately, we cannot speculate when we might implement
> such an option.
> "
>
> Weeeeeird, it wasn't like that a year ago.
Well, they're also doing something non-standard with their WKD
retrieval, so maybe that changed? GPG itself will refuse to retrieve a
key that doesn't have the email address specified in the key itself:
$ gpg --locate-keys toke@xxxxxxxxxx
gpg: key 4A55C497F744F705: no valid user IDs
gpg: Total number processed: 1
gpg: w/o user IDs: 1
gpg: error retrieving 'toke@xxxxxxxxxx' via WKD: No fingerprint
Given that they do it this way, I suppose this will affect every
@kernel.org address that has a PGP key attached (of which there are
currently 519, according to pgpkeys.git)...
-Toke