WKD documentation (Re: Testing WKD setup?)

Wiktor Kwapisiewicz wiktor at metacode.biz
Tue Jul 9 20:51:41 CEST 2019

Hi Bernhard,

On 09.07.2019 16:47, Bernhard Reiter wrote:
>> Once upon
>> a time I mailed random PGP-using people asking if they'd consider
>> setting it up and the feedback has been overwhelmingly positive.
> Cool, if you receive answer, please help us to keep the list of supporting
> organisations growing at https://wiki.gnupg.org/WKD
> (We'd have to move it to a subpage soon.)

You can also add Debian there and occrp.org (although the latter doesn't 
have policy file :().

I think Linux distributions are particularly good target for WKD - they 
can manage their developer's keys. They use HTTPS and usually developers 
have e-mail aliases at the distro domain. Additionally now with GnuPG 
2.2.17 they can easily make first signature verification faster by 
utilizing Signer's UID packet (--sender option).

(As a side note, I did contact two distros with that in mind and one of 
them, I'll share this openly: Gentoo - did handle it in a very 
professional matter enabling WKD for developers in days and keeping me - 
an outsider - in the loop for the whole time. I'm still impressed by 
their execution!)

>> No problem! I actually also implemented WKD in a couple of projects in
>> three different languages (OpenKeychain, OpenPGP.js, initial support in
>> Mailpile,
> Cool! Anything more you can share?

I'll think about it, this was just the most pleasant experiences I had 
in contributing (in no particular order!). I've got a small to-do list 
for project that I still want to contribute WKD support but sadly I'm 
out of time currently :-/

>> I did have a patch for mutt but they didn't like the idea :))
> Do you have a link to your upstream submission? Maybe others users can help to
> state their interest?

Sure, take a look at the thread starting here:

(The patch is not there but it's basically setting external locate 
mechanism in gpgme so, except one bugfix that I also found, it would be 
a one-liner).

 From what I can see Werner also planned to add that but I don't know 
how it ended up:


> Did you also give it to https://neomutt.org/?

Neomutt deferred to Mutt's mailing list, see:

On the bright side I've seen other TUI mail clients planning to add WKD 
support e.g. Aerc (homepage: https://aerc-mail.org/), author's opinion 
on WKD: https://news.ycombinator.com/item?id=20091100

Kind regards,


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 919 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190709/b1303e0f/attachment.sig>

More information about the Gnupg-users mailing list