What is Werner's key? (Or - who signs gnupg-announce mails?)
Bernhard Reiter
bernhard at intevation.de
Mon Mar 24 13:47:28 CET 2025
Am Sonntag 23 März 2025 18:07:31 schrieb Frank Guthausen:
> The keyserver concept is broken since there were some
> attacks in the past, and there are GDPR issues, too.
I consider the concept still valid.
For key discovery and a fall back for revoking keys.
Only the web of trust part has become under pressure
as no-one has put in the work to make keyservers carry third party signatures
again. (It is possible and there are not GDPR issues.)
> A modified setup is still available, but WKD is an alternative
> and some users' keys are here and some there.
WKD is very cool (I guess I am considered biased, as I was the project lead
when WKD was developed as part of a BSI contract.)
But WKD only works for email bound pubkeys. There are other use cases without
email where the discovery of pubkeys work well with pub key erver.
The new keyserver network is https://spider.pgpkeys.eu/sks-peers
Best Regards,
Bernhard
--
https://intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20250324/80974f59/attachment-0001.sig>
More information about the Gnupg-users
mailing list