Which keyserver
Phil Pennock
gnupg-users at spodhuis.org
Fri Sep 18 20:58:42 CEST 2020
On 2020-09-18 at 15:04 +0200, accounts-gnupg at holbrook.no wrote:
> Is it possible to define multiple sources of keys with WKD, for example
> with a dns TXT record? The use-case would be if the main server is down,
> alternative places to get it.
The SRV record approach had to be dropped because the people doing
OpenPGP in web-browsers protested hard, since browsers _still_ refuse to
implement SRV lookup. So we're stuck with an ancient model.
Currently that means "set up openpgpkey.example.org using whatever
loadbalancers and multiple A records across regions you like".
Within a few years we _might_ be able to get SRV-like distribution for
HTTPS with the proposed new `HTTPS` RR-type for DNS:
https://tools.ietf.org/html/draft-ietf-dnsop-svcb-https
but that's not something you can rely on today.
-Phil
More information about the Gnupg-users
mailing list