Phil Pennock gnupg-users at spodhuis.org
Fri Sep 18 17:26:37 CEST 2020

On 2020-09-18 at 10:08 +0200, Franck Routier (perso) wrote:
> On Thursday, 17 September 2020 at 18:13 -0400, Phil Pennock via Gnupg-users
> wrote:
> >  If publishing keys, I do recommend setting up WKD for your
> > domain, which helps a little.
> What is the status of WKD now, and is it to supersede centralized key
> servers ?

It's a draft spec, it's spreading a little.  Federated control of your
own namespace is always good.  Ultimately it's just HTTPS with a fixed
well-known layout.

kernel.org, debian.org, gentoo.org, archlinux.org -- it's spreading
amongst the Linux folks who have a central idea of what PGP keys are
supposed to exist in their domain.

Then there's exim.org and a couple of others, but I set those up and so
I can't say that this is proof of its popularity.

I think that any organization which uses PGP, including for signing
software releases, should be setting up WKD.  Non-WKD is for individuals
using PGP on a more ad-hoc basis.

Self-pimping: <https://github.com/PennockTech/openpgpkey-control> has
other/standalone-update-website as a Python tool which can be integrated
into static site builds where something else manages the list of keys (I
have it in a Gulp rule for nats.io site build) and the repo itself is a
framework for managing the keys for one or more domains, so is used for
spodhuis.org, exim.org and pennock-tech.com.  The repo is designed to be
easy to fork and replace the key/domain definitions so that others can
use it.


