Automatic WKD via keys.openpgp.org

Bernhard Reiter bernhard at intevation.de
Tue Mar 3 09:07:38 CET 2020


Hi Vincent,

On Sunday 02 February 2020 23:36:42, Vincent Breitmoser via
Gnupg-devel wrote:
>  It works well for folks who want to
> publish their keys on WKD, but don't want to go through the hassle of
> maintaining the directory on their server. (like me, incidentally :)

It is good to have another possibility (if your mail provider is not yet
providing one).


Most people here understand that this has security drawbacks because it
becomes a central keyserver with the ability to see who tries to communicate
with whom and a potential place to be monitored. Thus using a decentralized way
to offer WKD seems to make the whole system more resilient and people using a
decentralized way via their mail provider a bit more secure.

How do we educate people about these significant drawbacks?
(And seriously shouldn't you set a good example and maintain the directory on
your mail server? >;) It is just running one script in case your public key
changes.)


On Monday 03 February 2020 00:55:52, Vincent Breitmoser via Gnupg-devel wrote:
> is deployed for my address. You can test it with commands like:

> > gpg  --no-default-keyring --locate-keys --auto-key-locate
> > clear,nodefault,wkd look at my.amazin.horse

gives me
gpg: error retrieving 'look at my.amazin.horse' via WKD: No data
gpg: error reading key: No data
(probably because gnupg2 is from Debian oldstable; fetching pubkeys from many
other sources works though.)

Regards,
Bernhard

-- 
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
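
Added example, not part of the message above: a sketch of how a WKD client derives the lookup URLs from a mail address, which shows that whoever operates the host behind those names sees every key lookup for the domain. The URL layout follows the Web Key Directory Internet-Draft; the address used is a constructed sample.

```python
import hashlib
import urllib.parse

# z-base-32 alphabet that WKD uses for the hashed local part
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32(data: bytes) -> str:
    """Encode bytes as z-base-32: 5 bits per character, most significant first."""
    bits = "".join(f"{byte:08b}" for byte in data)
    bits += "0" * (-len(bits) % 5)  # zero-pad the final group
    return "".join(ZBASE32[int(bits[i:i + 5], 2)] for i in range(0, len(bits), 5))


def wkd_lookups(address: str):
    """Return (host, url) pairs a WKD client may contact, advanced method first."""
    local, _, domain = address.rpartition("@")
    if not local or not domain:
        raise ValueError(f"not a mail address: {address!r}")
    domain = domain.lower()
    # Only ASCII letters of the local part are lowercased before hashing;
    # bytes.lower() leaves non-ASCII bytes untouched.
    digest = hashlib.sha1(local.encode("utf-8").lower()).digest()
    hashed = zbase32(digest)  # 160-bit SHA-1 -> exactly 32 characters
    query = "?l=" + urllib.parse.quote(local)
    advanced = "openpgpkey." + domain
    return [
        (advanced,
         f"https://{advanced}/.well-known/openpgpkey/{domain}/hu/{hashed}{query}"),
        (domain,
         f"https://{domain}/.well-known/openpgpkey/hu/{hashed}{query}"),
    ]


if __name__ == "__main__":
    # Constructed sample address; replace with the address being checked.
    for host, url in wkd_lookups("Joe.Doe@Example.ORG"):
        # The operator of `host` learns the client IP, the time, and which
        # address was looked up (hashed in the path, in clear in ?l=).
        print(f"{host}\n    {url}")
```

Resolving each printed host name (for example with `dig`) shows whether a domain serves the directory itself or points it at a third party.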