Web Key Directory: refreshing keys
andrewg at andrewg.com
Mon Jun 25 14:15:17 CEST 2018
On 25/06/18 12:03, Wiktor Kwapisiewicz via Gnupg-devel wrote:
> Would refresh via WKD be a good idea?
It might be a good idea if used in addition to keyserver refresh. I
would be worried that relying on WKD alone would prevent the propagation
of revocations. At the moment, if you want to block revocation
distribution you have to take down the entire keyserver network
(although that's looking more plausible these days!). With WKD you only
have to block or fake one DNS server.
The WKD server operator would typically be the same person/organisation
as the email server operator - so leaking relationship data may not
necessarily lead to them learning anything more than they already can.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 862 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-devel