distributing pubkeys: autocrypt, hagrid, WKD (Re: Your Thoughts)

Michał Górny mgorny at gentoo.org
Mon Jul 1 15:13:29 CEST 2019

On Mon, 2019-07-01 at 12:18 +0200, Bernhard Reiter wrote:
> Am Montag 01 Juli 2019 01:36:41 schrieb Robert J. Hansen:
> > Now we've got Autocrypt, WKD, and Hagrid: of these Autocrypt is probably the
> > most mature and the easiest for email users.
> The problem with autocrypt are the cases where its security measures are 
> tested. There is not good way to interact with the users in those cases.
> I know this is not parts of its design goals, but it works against a better
> user experience.
> The progrem with hagrid (from what I've heard) is that it is again an attempt 
> of a validating keyserver, which means it has to centralize the trust 
> function or there is no point in the validation.
> This makes WKD most mature and easiest for users in my eyes. (I was involved 
> in its design.).

I agree.  This is precisely why we've decided it for syncing
distribution keys in Gentoo.  However, the main problem with WKD right
now is that AFAIK GnuPG doesn't support refreshing existing keys via WKD
-- we had to employ a large hack to do it.

Best regards,
Michał Górny

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 618 bytes
Desc: This is a digitally signed message part
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190701/46c6c9e2/attachment.sig>

More information about the Gnupg-users mailing list