Web Key Discovery
Damien Goutte-Gattat
dgouttegattat at incenp.org
Wed Mar 21 18:59:17 CET 2018
Hi,

On 03/21/2018 02:44 PM, Sam Bull wrote:
> If I understand correctly, the web key directory must return a key containing a
> matching email address. It also doesn't seem to support any wildcards,

If I understand your setup correctly, your problem is not with the Web
Key Directory system, but with OpenPGP itself, as OpenPGP keys indeed
don't support wildcards.

> so there needs to be a new PGP key for every single alias.

Not necessarily. An OpenPGP key can have more than one User ID
associated with it. As far as I know, there's no arbitrary limit to the
number of User IDs one can attach to a key. I am not sure whether it
would be a good idea to have a single key associated with >1000 aliases,
but it should be possible.

> Am I right, or is there a way to make this work with my email system?

If your system generates a new alias on the fly when someone wants to
contact you, it would have to also add a new User ID to your key at that
moment.

This is doable, but sounds like a terrible idea to me, as it implies
among other things that your server would need to be able to use your
master primary key (this is necessary to add any new User ID) at any time.
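
Added example, not part of the original message or of GnuPG: a Python sketch of how a Web Key Directory lookup address is derived (SHA-1 of the lowercased local part, z-base-32 encoded), showing that every alias maps to its own directory entry and needs its own User ID on the key. The function names, aliases and User IDs are constructed for illustration.

```python
import hashlib
from email.utils import parseaddr
from urllib.parse import quote

ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"

def zbase32(data: bytes) -> str:
    """Encode bytes as z-base-32, 5 bits per output character."""
    bits, nbits = int.from_bytes(data, "big"), len(data) * 8
    pad = (-nbits) % 5
    bits, nbits = bits << pad, nbits + pad
    return "".join(ZBASE32[(bits >> s) & 31] for s in range(nbits - 5, -1, -5))

def wkd_hash(local_part: str) -> str:
    """Directory file name: SHA-1 of the lowercased local part, z-base-32."""
    return zbase32(hashlib.sha1(local_part.lower().encode("utf-8")).digest())

def wkd_urls(address: str):
    """Return the (advanced, direct) lookup URLs for one mail address."""
    local, domain = address.rsplit("@", 1)
    domain, h, l = domain.lower(), wkd_hash(local), quote(local)
    advanced = (f"https://openpgpkey.{domain}/.well-known/openpgpkey/"
                f"{domain}/hu/{h}?l={l}")
    direct = f"https://{domain}/.well-known/openpgpkey/hu/{h}?l={l}"
    return advanced, direct

def uncovered(aliases, user_ids):
    """Aliases with no exactly matching address among the key's User IDs."""
    have = {parseaddr(uid)[1].lower() for uid in user_ids}
    return [a for a in aliases if a.lower() not in have]

# Constructed sample data: two aliases, but a key carrying only one User ID.
ALIASES = ["shop-a1@example.org", "shop-b2@example.org"]
USER_IDS = ["Alias Owner <shop-a1@example.org>"]

if __name__ == "__main__":
    for alias in ALIASES:
        print(alias, "->", wkd_urls(alias)[0])
    # The lookup is an exact hash of one local part, so there is nothing a
    # wildcard entry could match; each alias needs its own file and User ID.
    print("aliases without a matching User ID:", uncovered(ALIASES, USER_IDS))
```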