Questions re auto-key-locate
Dan Mahoney
danm at prime.gushi.org
Wed Feb 16 00:37:58 CET 2022
> On Feb 15, 2022, at 2:45 PM, Andrew Gallagher <andrewg at andrewg.com> wrote:
>
>
>> On 15 Feb 2022, at 21:46, Dan Mahoney (Gushi) via Gnupg-users <gnupg-users at gnupg.org> wrote:
>>
>> Since the debacle a few years ago with the SKS keyserver denial-of-service attack, the keyservers are kind of a non-starter.
>
> Why so? Keyservers are still around, and the ones that survived the apocalypse are generally the ones that are better maintained. The only glitch from a user POV is that you have to publish to both a synchronising server and keys.openpgp.org to make sure everyone sees your updates…
That's a decision I leave up to the people who *make* the key (and the software that it's signing). If they've decided not to push the key out there (and it's no longer the case that you can publish just anyone's key) I need to respect that.
Right now, the decision is that our key (signed with our prior-year key) is on our website and FTP (also via https) site, and we do not assert that it's available on the keyservers.
-Dan
More information about the Gnupg-users
mailing list