Questions on gpg-wks-server

Sun Apr 30 13:39:26 CEST 2023

Hi!

On Tue, 25 Apr 2023 08:48, Gregor Düster said:

> How does gpg-wks-server determines which domains should be processed?
> My best guess would be it uses the top level directories for domains
> (e.g. at the default /var/lib/gnupg/wks or at the path specified with
> -C).

That is correct.  Requests with no domain configured below that
directory are ignored.  For example for gnupg.org we have

$ ls -l /var/lib/gnupg/wks/gnupg.org/
drwxr-sr-x 3 webkey webkey 4096 Mar 11  2019 hu
drwx--S--- 2 webkey webkey 4096 Jul  5  2021 pending
-rw-r--r-- 1 webkey webkey    0 Nov 14  2017 policy
-rw-r--r-- 1 webkey webkey   21 Aug 31  2016 submission-address

and we have a daily cronjob running "gpg-wks-server -v --cron" to clean
up pending requests after 3 days.

> Does gpg-wks-server strip UIDs from the submitted keys from domains
> that are not configured?

Confirmation requests are sent for all addresses found in the submitted
key as long as the domain is configured.  However, gpg-wks-client sends
the keys only with one user id.

> How does gpg-wks-server deal with multiple user IDs in general?  Will
> it send out multiple confirmation requests provided the domains are
> configured?

Exactly.

> Does gpg-wks-server drop a publication request if a key has no UIDs
> with any of the configured domains?

Yes.

Salam-Shalom,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20230430/9723bc6e/attachment.sig>