Which keyserver
Phil Pennock
gnupg-users at spodhuis.org
Fri Sep 18 17:26:37 CEST 2020
On 2020-09-18 at 10:08 +0200, Franck Routier (perso) wrote:
> Le jeudi 17 septembre 2020 à 18:13 -0400, Phil Pennock via Gnupg-users
> a écrit :
> > If publishing keys, I do recommend setting up WKD for your
> > domain, which helps a little.
>
> What is the status of WKD now, and is it to superseed centralized key
> servers ?
It's a draft spec, it's spreading a little. Federated control of your
own namespace is always good. Ultimately it's just HTTPS with a fixed
well-known layout.
kernel.org, debian.org, gentoo.org, archlinux.org -- it's spreading
amongst the Linux folks who have a central idea of what PGP keys are
supposed to exist in their domain.
Then there's exim.org and a couple of others, but I set those up and so
I can't say that this is proof of its popularity.
I think that any organization which uses PGP, including for signing
software releases, should be setting up WKD. Non-WKD is for individuals
using PGP on a more ad-hoc basis.
Self-pimping: <https://github.com/PennockTech/openpgpkey-control> has
other/standalone-update-website as a Python tool which can be integrated
into static site builds where something else manages the list of keys (I
have it in a Gulp rule for nats.io site build) and the repo itself is a
framework for managing the keys for one or more domains, so is used for
spodhuis.org, exim.org and pennock-tech.com. The repo is designed to be
easy to fork and replace the key/domain definitions so that others can
use it.
-Phil
More information about the Gnupg-users
mailing list