Web Key Directory: refreshing keys

Wiktor Kwapisiewicz wiktor at metacode.biz
Mon Jun 25 13:03:45 CEST 2018


I would like to ask about the potential ability to refresh keys using 
Web Key Directory protocol.

As far as I know, WKD can be used to locate keys (via --locate-key et al. 
and when verifying signatures with the signer's UID embedded), but the keys 
retrieved via WKD are refreshed using keyservers only, never from their 
original location.

Technically that would be possible (as the key origin is preserved).

The disadvantage would be that the WKD server operator would see when people 
refresh keys within their domain.

I also see some advantages: there are fewer bytes to download (because the 
format is binary, and because keyservers allow anyone to bloat the keys [0] [1]) 
and it could allow managing keys without keyservers at all [2] (for 
example in case of a hypothetical GDPR-apocalypse).

Would refresh via WKD be a good idea?

Thanks for your input!

Kind regards,

[0]: https://bitbucket.org/skskeyserver/sks-keyserver/issues/57

[1]: https://bitbucket.org/skskeyserver/sks-keyserver/issues/60

[2]: Of course someone else can put the keys in keyservers anyway, but I 
mean providing authoritative key updates on the WKD host.
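As an added illustration (not part of the post above and not GnuPG's code), the following derives the URLs a WKD client would fetch for a given mail address, which is what a "refresh from origin" would have to re-request instead of asking a keyserver. It follows the WKD draft's scheme (lowercased local part, SHA-1, z-base-32, original local part in `?l=`), with both the advanced and the direct method; the mail address used in the test is a constructed example.

```python
import hashlib
from urllib.parse import quote

# z-base-32 alphabet as used by WKD for the hashed local part
ZB32 = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as z-base-32: big-endian bit stream, 5-bit groups,
    zero-padded at the end (a 20-byte SHA-1 digest needs no padding)."""
    bits = "".join(f"{b:08b}" for b in data)
    bits += "0" * (-len(bits) % 5)
    return "".join(ZB32[int(bits[i:i + 5], 2)] for i in range(0, len(bits), 5))


def wkd_urls(address: str) -> dict:
    """Return the WKD 'advanced' and 'direct' method URLs for a mail address.

    The local part is lowercased and SHA-1 hashed, the digest is z-base-32
    encoded, and the original local part is handed back in the l= parameter
    so a server may treat it as case-sensitive if it wants to.  Whatever
    comes back must still be checked to carry a User ID for this address
    before it is accepted as a refresh of the locally stored key.
    """
    local, domain = address.rsplit("@", 1)
    domain = domain.lower()
    hashed = zbase32_encode(hashlib.sha1(local.lower().encode("utf-8")).digest())
    query = "?l=" + quote(local, safe="")
    base = f"/.well-known/openpgpkey"
    return {
        "advanced": f"https://openpgpkey.{domain}{base}/{domain}/hu/{hashed}{query}",
        "direct": f"https://{domain}{base}/hu/{hashed}{query}",
    }


if __name__ == "__main__":
    # Constructed example address, not a real mailbox
    for method, url in wkd_urls("Joe.Doe@Example.ORG").items():
        print(f"{method:8s} {url}")
```

The advanced method is tried first by GnuPG; the direct method is the fallback when the `openpgpkey` subdomain does not exist.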

