Web Key Directory: refreshing keys

Andrew Gallagher andrewg at andrewg.com
Mon Jun 25 14:15:17 CEST 2018


On 25/06/18 12:03, Wiktor Kwapisiewicz via Gnupg-devel wrote:
> Would refresh via WKD be a good idea?

It might be a good idea if used in addition to keyserver refresh. I
would be worried that relying on WKD alone would prevent the propagation
of revocations. At the moment, if you want to block revocation
distribution you have to take down the entire keyserver network
(although that's looking more plausible these days!). With WKD you only
have to block or fake one DNS server.

The WKD server operator would typically be the same person/organisation
as the email server operator - so leaking relationship data may not
necessarily lead to them learning anything more than they already can.

-- 
Andrew Gallagher
