Including non-selfsigs in WKD?

Dashamir Hoxha dashohoxha at gmail.com
Sun Jul 10 13:11:50 CEST 2022


On Sun, Jul 10, 2022 at 10:27 AM Ingo Klöcker <kloecker at kde.org> wrote:

>
> The preferred way to "export" the key data to publish via WKD (not by the
> spec, but by WKD's inventor) is to use gpg-wks-client.
>

WKD and WKS are different things (as far as I know), so "gpg-wks-client" is
probably not a suitable name for the tool. It may cause some confusion to
the users.

> The point of WKD is that your trust in the domain owner replaces the nerdy
> web-of-trust. WKD is supposed to provide small keys, not gigantic keys with


My understanding is that the point of WKD is to make public keys
discoverable automatically, thus being an alternative (or replacement) for
the keyserver infrastructure.
I don't see why it should replace the web-of-trust, even if it is nerdy.
Also I don't see why the keys should be small, as long as their size is
under the user's control.

> 1000s of third-party signatures. But in the end it's up to you what you
> publish. But don't expect gpg to import via WKD anything and everything you
> publish, e.g. it strips all user IDs not matching the looked up email address
> and it imports at most 5 keys.
>

Maybe it makes sense, but I still don't understand why it should strip the
other user IDs, even if they are useless or redundant.
Also I don't understand the meaning of "it imports at most 5 keys", and why
such a limit is necessary (or why it is a good practice).

Regards,
Dashamir