Order of lookup methods in --auto-key-retrieve
wk at gnupg.org
Mon Jul 1 19:29:39 CEST 2019
On Sun, 30 Jun 2019 21:36, gnupg-devel at gnupg.org said:
> The code checks first the keyserver and then the WKD domain. I guess
> this is to limit the number of IP-leaking queries and prefer trusted
Right, that was one idea. The other reason is that it is not possible to
look up a key from the WKD using a fingerprint. Before rfc-4880bis added
the /Issuer Fingerprint/ to signatures we only had the /Issuer's User
ID/ information in a signature to look up a key. With 2.1.13 we added
the latter to all signatures if possible so to make --auto-key-retrieve
I guess we should keep this information to prefer updating via WKD.
> I'm wondering if reversing the order (first WKD, then keyserver)
> wouldn't be a better option. The current mechanism is not perfect, so
Thoughts are free. Exceptions are regulated by a federal law.
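
An added example, not part of the original message and not GnuPG's code: a Python model of the ordering discussed above. It reads the Issuer Fingerprint and Signer's User ID subpackets from a signature's subpacket area and lists the lookups each one allows; `lookup_plan`, `wkd_first`, `_sub` and the sample data are hypothetical names and constructed values.

```python
import struct

ISSUER_FPR = 33    # Issuer Fingerprint subpacket (added by rfc4880bis)
SIGNERS_UID = 28   # Signer's User ID subpacket (RFC 4880)

def iter_subpackets(area: bytes):
    """Yield (type, body) for each subpacket in a signature subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # five-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("malformed subpacket")
        yield area[i] & 0x7F, area[i + 1:i + length]   # mask the critical bit
        i += length

def lookup_plan(area: bytes, wkd_first: bool = False):
    """Return the ordered (method, selector) lookups this signature allows."""
    fpr = mbox = None
    for typ, body in iter_subpackets(area):
        if typ == ISSUER_FPR and len(body) > 1:
            fpr = body[1:].hex().upper()     # body[0] is the key version
        elif typ == SIGNERS_UID:
            uid = body.decode("utf-8", "replace")
            addr = uid[uid.rfind("<") + 1:].rstrip(">").strip()
            if addr.count("@") == 1:
                mbox = addr.lower()          # simplification: whole address lowercased
    plan = []
    if fpr:
        plan.append(("keyserver", fpr))      # keyservers can be asked by fingerprint
    if mbox:
        plan.append(("wkd", mbox))           # WKD can only be asked by mail address
    return plan[::-1] if wkd_first else plan

def _sub(typ: int, body: bytes) -> bytes:
    return bytes([len(body) + 1, typ]) + body    # short subpackets only

# Constructed sample: fingerprint bytes 00..13 and a made-up user ID.
SAMPLE_AREA = _sub(ISSUER_FPR, b"\x04" + bytes(range(20))) + \
              _sub(SIGNERS_UID, b"Alice <alice@example.org>")
```

With `wkd_first=True` the same plan is returned in the reversed order proposed in the quoted message; a signature without a Signer's User ID leaves only the keyserver step.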