distributing pubkeys: autocrypt, hagrid, WKD (Re: Your Thoughts)
Konstantin Ryabitsev
konstantin at linuxfoundation.org
Mon Jul 1 16:27:20 CEST 2019
On Mon, Jul 01, 2019 at 03:13:29PM +0200, Michał Górny via Gnupg-users wrote:
>> The problem with autocrypt is the cases where its security measures
>> are tested. There is no good way to interact with the users in those cases.
>> I know this is not part of its design goals, but it works against a better
>> user experience.
>>
>> The problem with hagrid (from what I've heard) is that it is again an attempt
>> at a validating keyserver, which means it has to centralize the trust
>> function or there is no point in the validation.
>>
>> This makes WKD most mature and easiest for users in my eyes. (I was involved
>> in its design.)
>>
>
> I agree. This is precisely why we've decided on it for syncing
> distribution keys in Gentoo. However, the main problem with WKD right
> now is that AFAIK GnuPG doesn't support refreshing existing keys via WKD
> -- we had to employ a large hack to do it.
This can't be stressed enough. The main purpose of a managed keyring for
communities like kernel.org and others is to advise all members of
things like:
- subkey changes
- UID additions/revocations
- expiration date extensions
WKD doesn't currently facilitate any of these.
-K