Which keyserver

Andreas Mattheiss andreas.mattheiss at gmx.de
Fri Sep 18 18:47:57 CEST 2020


>Is it possible to define multiple sources of keys with WKD, for example
>with a dns TXT record?

Well, yes, actually. This can be done with both X509 certificates (where it is called SMIMEA) and gpg keys. Obtaining a key basically involves querying the appropriate TYPE in the DNS record (53 for SMIMEA, 61 for openpgp). An additional step is to check the authenticity of this record. All this is completely separate from WKD though.

That's the theory. In practice, alas, bugger all's using it. It's a shame, since this would really be a big step forward. The catch here is that it needs to be supported by the mail server where the addressee has his account. Needless to mention it is hardly deployed; in Germany mail.de has it, as do a number of paid email services. Plus, of course: before this goes big, the big email clients would have to support it. Of course you can hack something together using only command line tools (I've done that), but that's not the cup of tea for 99.9% of normal email users.

Vincent Breitmoser described this in this thread eloquently as being used by effectively nobody but a rounding error. Sigh.
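
Added example, not part of the original message: a sketch of the lookup described above, deriving the DNS owner name for an address and building a query for type 53 or 61 that asks for DNSSEC data. It assumes the naming rules of RFC 7929 and RFC 8162 and that the authenticity check is DNSSEC validation reported by a trusted resolver; all function names are illustrative.

```python
import hashlib
import struct

# RR type numbers as given in the message above.
RRTYPES = {"SMIMEA": 53, "OPENPGPKEY": 61}
# Labels placed under the mail domain (RFC 8162 and RFC 7929).
PREFIX = {"SMIMEA": "_smimecert", "OPENPGPKEY": "_openpgpkey"}


def owner_name(address: str, rrtype: str) -> str:
    """DNS owner name under which the key record for `address` is published."""
    local, _, domain = address.rpartition("@")
    if not local or not domain:
        raise ValueError("not an email address: %r" % address)
    # SHA2-256 of the UTF-8 local-part, truncated to 28 octets, hex encoded.
    # Assumption: quoted or commented local-parts are not canonicalised here.
    label = hashlib.sha256(local.encode("utf-8")).digest()[:28].hex()
    return "%s.%s.%s" % (label, PREFIX[rrtype], domain.rstrip("."))


def build_query(address: str, rrtype: str, txid: int = 0x1234) -> bytes:
    """Wire-format query with EDNS0 and the DO bit set, so a DNSSEC-aware
    resolver returns signatures and reports validation through the AD flag."""
    # Flags 0x0100 = recursion desired; one question, one additional (OPT).
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    qname = b"".join(
        bytes([len(part)]) + part.encode("ascii")  # ASCII domains only
        for part in owner_name(address, rrtype).split(".")
    ) + b"\x00"
    question = qname + struct.pack("!HH", RRTYPES[rrtype], 1)  # class IN
    # OPT pseudo-record: root name, type 41, UDP size 4096, DO bit, no options.
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, 0x00008000, 0)
    return header + question + opt


def answer_is_authenticated(response: bytes) -> bool:
    """True if the resolver set the AD flag (0x0020) in the response header.
    Only meaningful when the path to the validating resolver is trusted,
    for example a validator running on the same host."""
    flags = struct.unpack("!H", response[2:4])[0]
    return bool(flags & 0x0020)


if __name__ == "__main__":
    # Constructed sample address, not taken from the thread.
    print(owner_name("hugh@example.com", "OPENPGPKEY"))
    print(build_query("hugh@example.com", "OPENPGPKEY").hex())
```

A record returned without the AD flag, or through a resolver that is not trusted, should be treated as unauthenticated and not used to pick an encryption key.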


