Web Key Discovery

Damien Goutte-Gattat dgouttegattat at incenp.org
Wed Mar 21 18:59:17 CET 2018


On 03/21/2018 02:44 PM, Sam Bull wrote:
> If I understand correctly, the web key directory must return a key containing a
> matching email address. It also doesn't seem to support any wildcards,

If I understand your setup correctly, your problem is not with the Web 
Key Directory system, but with OpenPGP itself, as OpenPGP keys indeed 
don't support wildcards.

> so there needs to be a new PGP key for every single alias.

Not necessarily. An OpenPGP key can have more than one User ID 
associated to it. As far as I know, there's no arbitrary limit to the 
number of User IDs one can attach to a key. I am not sure whether it 
would be a good idea to have a single key associated to >1000 aliases, 
but it should be possible.

> Am I right, or is there a way to make this work with my email system?

If your system generates a new alias on the fly when someone want to 
contact you, it would have to also add a new User ID to your key at that 

This is doable, but sounds like a terrible idea to me, as it implies 
among other things that your server would need to be able to use your 
master primary key (this is necessary to add any new User ID) at any time.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180321/82627121/attachment.sig>

More information about the Gnupg-devel mailing list