Including non-selfsigs in WKD?
Ingo Klöcker
kloecker at kde.org
Sat Jul 9 16:36:29 CEST 2022
On Saturday, 9 July 2022 14:44:44 CEST Simon Josefsson via Gnupg-devel wrote:
> Dashamir Hoxha via Gnupg-devel <gnupg-devel at lists.gnupg.org> writes:
> > I agree that these things should be discussed and explained somewhere, in
> > user guides, tutorials, etc. But maybe not in the spec. The spec does not
> > even mention the command `gpg --export`, how can it describe and detail
> > export options?
>
> The spec can speak about what data should go into the file, that's the
> point of a specification. It shouldn't speak about
> implementation-specific commands of course. Right now it says any
> OpenPGP public key for the particular user is valid, but I don't think
> it says anything either way about which sub-packets of that public key
> are permitted, encouraged or forbidden in the WKD published data.

The preferred way to "export" the key data to publish via WKD (not by the
spec, but by WKD's inventor) is to use gpg-wks-client.

The point of WKD is that your trust in the domain owner replaces the nerdy
web-of-trust. WKD is supposed to provide small keys, not gigantic keys with
1000s of third-party signatures. But in the end it's up to you what you
publish. But don't expect gpg to import via WKD anything and everything you
publish, e.g. it strips all user IDs not matching the looked up email address
and it imports at most 5 keys.

Regards,
Ingo
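An added example, not part of the original message and not code from gpg or gpg-wks-client: a structural filter that reduces a binary OpenPGP public key to the "small key" described above, keeping only the user ID for the published address and signatures that name the key itself as issuer. The function names and the sample key are constructed for illustration. It assumes v4 keys and v4 signatures, and it trusts the Issuer subpackets without verifying any signature cryptographically.

```python
import hashlib

def packets(data):
    """Yield (tag, body, raw) per packet; RFC 4880 section 4.2 header framing."""
    i = 0
    while i < len(data):
        start, hdr = i, data[i]
        if hdr & 0x40:                                  # new-format header
            tag, o = hdr & 0x3F, data[i + 1]
            if o < 192: n, i = o, i + 2
            elif o < 224: n, i = ((o - 192) << 8) + data[i + 2] + 192, i + 3
            elif o == 255: n, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else: raise ValueError("partial body length not handled")
        else:                                           # old-format header
            tag, width = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if width == 8: raise ValueError("indeterminate length not handled")
            n, i = int.from_bytes(data[i + 1:i + 1 + width], "big"), i + 1 + width
        yield tag, data[i:i + n], data[start:i + n]
        i += n

def issuers(sig):
    """Key IDs a v4 signature claims via Issuer (16) / Issuer Fingerprint (33)."""
    ids, pos = set(), 4
    for _ in range(2 if sig[:1] == b"\x04" else 0):    # hashed, then unhashed area
        end, pos = pos + 2 + int.from_bytes(sig[pos:pos + 2], "big"), pos + 2
        while pos < end:
            n, pos = sig[pos], pos + 1                  # n counts the type octet too
            if 192 <= n < 255: n, pos = ((n - 192) << 8) + sig[pos] + 192, pos + 1
            elif n == 255: n, pos = int.from_bytes(sig[pos:pos + 4], "big"), pos + 4
            if (sig[pos] & 0x7F) in (16, 33): ids.add(sig[pos + 1:pos + n][-8:])
            pos += n
    return ids

def wkd_minimal(key, email):
    """Keep key material, the user ID matching `email`, and self-claimed signatures."""
    out, keyid, keep, want = [], None, True, b"<%b>" % email.lower().encode()
    for tag, body, raw in packets(key):
        if tag == 6:                                    # primary key: v4 key ID
            keyid = hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).digest()[-8:]
        elif tag in (13, 14, 17):                       # user ID, subkey, user attribute
            keep = tag == 14 or (tag == 13 and body.lower().endswith(want))
        if keep and (tag != 2 or keyid in issuers(body)): out.append(raw)  # else dropped
    return b"".join(out)

def sample_key():                                       # constructed stub, not a real key
    p = lambda tag, body: bytes([0xC0 | tag, len(body)]) + body
    sig = lambda who: p(2, b"\x04\x13\x16\x08\x00\x00\x00\x0a\x09\x10" + who + bytes(2))
    own = hashlib.sha1(b"\x99\x00\x04KEY!").digest()[-8:]
    return (p(6, b"KEY!") + p(13, b"A <a@example.org>") + sig(own) + sig(b"T" * 8)
            + p(13, b"A <a@example.net>") + sig(own))
```

Signatures with no Issuer subpacket are dropped as well, and user IDs that are not in the `Name <address>` form never match.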