WKD question
Dmitry Alexandrov
dag at gnui.org
Mon Jul 27 23:38:07 CEST 2020
Stefan Claas <sac at 300baud.de> wrote:
> Enigmail for Thunderbird on a fresh Ubuntu system
> when clicking on a signed message from a friend who has properly set up WKD, Thunderbird/Enigmail can not fetch the pub key. :-(
Unfortunately, ‘can not’ is not a very informative description. Does it return any error? How do you know that it even tries?
> What do I have to do so that this works? I thought that GnuPG and Enigmail nowadays default to WKD too.
You mean that you expect GPG to silently fetch absent keys when checking signatures out of the box? No, it does not do that:
| '--auto-key-retrieve'
| '--no-auto-key-retrieve'
| These options enable or disable the automatic retrieving of keys
| from a keyserver when verifying signatures made by keys that are
| not on the local keyring. The default is '--no-auto-key-retrieve'.
|
| If the method "wkd" is included in the list of methods given to
| 'auto-key-locate', the signer's user ID is part of the signature,
| and the option '--disable-signer-uid' is not used, the "wkd" method
| may also be used to retrieve a key.
|
| Note that this option makes a "web bug" like behavior possible.
| Keyserver or Web Key Directory operators can see which keys you
| request, so by sending you a message signed by a brand new key
| (which you naturally will not have on your local keyring), the
| operator can tell both your IP address and the time when you
| verified the signature.
— (info "(gnupg) GPG Configuration Options")
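
The conditions in the manual excerpt quoted above, written as a small gpg.conf audit; this is an added example, not part of the original post and not GnuPG code. The function names and sample configurations are constructed for illustration, and only an explicitly configured auto-key-locate list is modelled, not GnuPG's built-in defaults.

```python
# Added example: checks gpg.conf text against the quoted manual excerpt.
# Assumptions: one option per line, written without leading dashes (a
# leading "--" is tolerated); built-in default mechanism lists are ignored.

def parse_gpg_conf(text):
    """Return (option, argument) pairs in file order, skipping comments."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        pairs.append((parts[0].lstrip("-"), parts[1] if len(parts) > 1 else ""))
    return pairs

def verify_time_lookups(conf_text, signature_has_signer_uid=True):
    """Report which lookups verifying a signature from an unknown key may trigger."""
    retrieve = False            # documented default: --no-auto-key-retrieve
    disable_signer_uid = False
    locate = []                 # mechanisms given to auto-key-locate
    for name, arg in parse_gpg_conf(conf_text):
        if name == "auto-key-retrieve":
            retrieve = True
        elif name == "no-auto-key-retrieve":
            retrieve = False    # the later of the two options wins
        elif name == "disable-signer-uid":
            disable_signer_uid = True
        elif name == "auto-key-locate":
            for mech in arg.replace(",", " ").split():
                if mech == "clear":
                    locate = []
                elif mech not in locate:
                    locate.append(mech)
    # WKD retrieval needs all conditions from the manual to hold at once.
    wkd = (retrieve and "wkd" in locate
           and signature_has_signer_uid and not disable_signer_uid)
    # Any automatic retrieval lets the directory operator log IP and time.
    return {"keyserver": retrieve, "wkd": wkd, "web_bug_exposure": retrieve}

# Constructed sample configurations (not taken from the thread).
DEFAULT_CONF = "# fresh install, nothing set\n"
OPT_IN_CONF = "auto-key-retrieve\nauto-key-locate local,wkd\n"

if __name__ == "__main__":
    for label, conf in (("default", DEFAULT_CONF), ("opt-in", OPT_IN_CONF)):
        print(label, verify_time_lookups(conf))
```

With the default configuration every field is false, which matches the reply: nothing is fetched during verification unless the user opts in.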