WKD documentation (Re: Testing WKD setup?)
wiktor at metacode.biz
Tue Jul 9 15:50:01 CEST 2019
On 09.07.2019 15:02, Bernhard Reiter wrote:
> Note that on Wiktor's page a few details are missing:
> * policy file is needed
> * directory listing strongly recommend to be off
> * minimum version of gpg that has --with-wkd (some versions don't).
Policy file is checked during WKD check (and I saw the original poster
did set it up). Checking directory listing would be an interesting thing
to add! (Although this would be only heuristic).
--with-wkd gpg version is definitely good thing to add, thanks for the idea!
> BTW, last week we've updated
> with a how to use gpg-wks-client on Gnu and Windows systems
> to create a flat file structure.
What I like in WKD most is that it's a super-simple standard. Once upon
a time I mailed random PGP-using people asking if they'd consider
setting it up and the feedback has been overwhelmingly positive. The
only thing I needed was basically the local-part hash and actually
that's what I built the checker for, to generate the URL in an easy way,
even without GPG.
--with-wkd mentioned by Alyssa is what I used previously and it was good
but ultimately I've become too lazy to use even that :)
As Phil mentioned the checker has not been updated to latest specs and
gives warnings for issues that I think should be part of the spec (I
mentioned them on the OpenPGP mailing list but did not receive any
feedback from the I-D author).
> Best Regards,
> ps.: Thanks Wiktor for explaning WKD
No problem! I actually also implemented WKD in a couple of projects in
three different languages (OpenKeychain, OpenPGP.js, initial support in
Mailpile, I did have a patch for mutt but they didn't like the idea :)),
so the I-D looks solid!
> I thought you'd be interested in the
> feedback. :)
Yep, thanks for the CC, I'm not subscribed to the ML at all times!
See you later!
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 919 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users