Web Key Directory: refreshing keys
Wiktor Kwapisiewicz
wiktor at metacode.biz
Mon Jun 25 13:03:45 CEST 2018
Hello,

I would like to ask about the potential ability to refresh keys using
the Web Key Directory protocol.

As far as I know WKD can be used to locate keys (via --locate-key et al.
and when verifying signatures with signer's UID embedded) but the keys
retrieved via WKD are refreshed using keyservers only, never their
original location.

Technically that would be possible (as the key origin is preserved).

The disadvantage would be that the WKD server operator would see when people
refresh keys within their domain.

I also see some advantages: there are fewer bytes to download (because
binary, and because keyservers allow anyone to bloat the keys [0] [1])
and that it could allow managing keys without keyservers at all [2] (for
example in case of a hypothetical GDPR-apocalypse).

Would refresh via WKD be a good idea?

Thanks for your input!

Kind regards,
Wiktor

[0]: https://bitbucket.org/skskeyserver/sks-keyserver/issues/57
[1]: https://bitbucket.org/skskeyserver/sks-keyserver/issues/60
[2]: Of course someone else can put the keys in keyservers anyway but I
mean providing authoritative key updates on WKD host.

--
*/metacode/*
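
Added example, not part of the original message and not GnuPG's code: what a refresh from the key's WKD origin would request, and therefore what the WKD host operator could log (the hashed local part plus the `l=` parameter). It assumes the URL layout of the WKD Internet-Draft (direct and advanced methods); the function names and user IDs are constructed for illustration.

```python
import hashlib
from email.utils import parseaddr
from urllib.parse import quote

ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet

def zbase32(data: bytes) -> str:
    """Encode bytes as z-base-32, 5 bits per character, MSB first."""
    nbits = len(data) * 8
    pad = (-nbits) % 5                      # zero bits to fill the last group
    value = int.from_bytes(data, "big") << pad
    count = (nbits + pad) // 5
    return "".join(ZBASE32[(value >> (5 * (count - 1 - i))) & 31]
                   for i in range(count))

def ascii_lower(text: str) -> str:
    """Lower-case ASCII letters only; non-ASCII characters stay unchanged."""
    return "".join(c.lower() if c.isascii() else c for c in text)

def wkd_urls(address: str) -> dict:
    """Return the 'advanced' and 'direct' WKD lookup URLs for an address."""
    local, sep, domain = address.rpartition("@")
    if not (local and sep and domain):
        raise ValueError("not an addr-spec: %r" % address)
    domain = ascii_lower(domain)
    digest = hashlib.sha1(ascii_lower(local).encode("utf-8")).digest()
    tail = "hu/%s?l=%s" % (zbase32(digest), quote(local, safe=""))
    return {
        "advanced": "https://openpgpkey.%s/.well-known/openpgpkey/%s/%s"
                    % (domain, domain, tail),
        "direct": "https://%s/.well-known/openpgpkey/%s" % (domain, tail),
    }

def refresh_plan(user_ids):
    """Map each WKD host to the URLs a refresh of these user IDs would fetch."""
    plan = {}
    for uid in user_ids:
        addr = parseaddr(uid)[1]
        if "@" not in addr:
            continue                        # user ID without a mail address
        host = ascii_lower(addr.rpartition("@")[2])
        plan.setdefault(host, []).append(wkd_urls(addr)["direct"])
    return plan

if __name__ == "__main__":
    # Constructed user IDs; the address is the sample one from the WKD draft.
    uids = ["Joe Doe <Joe.Doe@Example.ORG>", "no mail here"]
    print(refresh_plan(uids))
```

Each refresh contacts only the host of the user ID's own domain, which is the visibility trade-off the message describes.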
More information about the Gnupg-devel mailing list