publishing PGP keys in DNS

Bjoern Schiessle bjoern at
Wed Dec 21 12:00:40 CET 2016

Hi Werner,

thanks for the explanation.

On Wed, 21 Dec 2016 09:22:17 +0100 Werner Koch wrote:
> Anyway, I would suggest to avoid DNS and use the Web Key Directory
> instead. See
> <>. I
> can also offer to work with to setup the whole thing
> for all their users.

Yesterday I already set this up successfully for my domain
( I just thought that having the DNS record as well would
be a nice addition. But then I will just keep the WKD if this is the
recommended way.

One more question about the WKD. I changed my gpg.conf to:

auto-key-locate cert pka wkd keyserver

Does this mean that gpg will try to find a WKD and a corresponding
public key automatically if I write an email to someone I don't have a
public key for yet? Or will the lookup happen if I receive a mail?


Björn Schießle <bjoern at>
twitter: @schiessle
gnupg/pgp key: 0x0x2378A753E2BF04F6
fingerprint: 244F CEB0 CB09 9524 B21F B896 2378 A753 E2BF 04F6