distributing pubkeys: autocrypt, hagrid, WKD
Konstantin Ryabitsev
konstantin at linuxfoundation.org
Tue Jul 2 21:40:32 CEST 2019
On Mon, Jul 01, 2019 at 06:41:41PM +0200, Werner Koch via Gnupg-users wrote:
>On Mon, 1 Jul 2019 10:27, konstantin at linuxfoundation.org said:
>
>> - subkey changes
>
>An expired key triggers a reload of the key via WKD or DANE. Modulo the
>problems I mentioned in the former mail. For new subkeys we have a
>problem unless we do a regular refresh similar to what should be done
>for revocations.
Most subkey changes that I am aware of are not due to people's old
subkeys expiring, but because they add new ones for reasons like
migrating between smartcard solutions or just being nerdy and picking a
new ECC-based subkey.

When this happens, a maintainer who tries to verify a signed pull
request will have the operation fail, so they need to have a way to
force-refresh the developer's key. I would say this is the #1 workflow
scenario that I need to fix if we can't rely on the SKS network any
more.
-K
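
Added example (not part of the original message or of GnuPG itself): one way a maintainer-side script could recognise the failure described above, a signature made by a subkey the local keyring lacks, and build a WKD-only refresh of the signer's key. It assumes GnuPG 2.2.17 or later for `--locate-external-keys`; the status lines, key ID and address are constructed, and the function names are hypothetical.

```python
"""Decide when a failed signature check should trigger a WKD key refresh."""
import re

# Constructed sample of `gpg --status-fd 1 --verify` output for a signature
# made by a subkey that is not in the local keyring yet.
SAMPLE_STATUS = """\
[GNUPG:] NEWSIG
[GNUPG:] ERRSIG 0123456789ABCDEF 22 8 00 1562096432 9 -
[GNUPG:] NO_PUBKEY 0123456789ABCDEF
"""

ERRSIG_MISSING_KEY = "9"  # ERRSIG <rc> value that means "missing public key"


def missing_key_ids(status_text):
    """Return the key IDs gpg could not find, in first-seen order."""
    found = []
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] != "[GNUPG:]":
            continue
        keyid = None
        if fields[1] == "NO_PUBKEY":
            keyid = fields[2]
        elif (fields[1] == "ERRSIG" and len(fields) >= 8
              and fields[7] == ERRSIG_MISSING_KEY):
            keyid = fields[2]
        if keyid and keyid not in found:
            found.append(keyid)
    return found


def refresh_command(email):
    """Build the gpg argv that refetches the key for `email` from WKD only."""
    # Reject anything that is not a bare addr-spec, so a crafted signer
    # identity cannot be read by gpg as a command-line option.
    if email.startswith("-") or not re.fullmatch(r"[^\s@<>]+@[A-Za-z0-9.-]+", email):
        raise ValueError("not a plain addr-spec: %r" % email)
    return ["gpg", "--auto-key-locate", "clear,wkd,nodefault",
            "--locate-external-keys", email]


def plan(status_text, signer_email):
    """Return (needs_refresh, argv) for one verification attempt."""
    ids = missing_key_ids(status_text)
    return (bool(ids), refresh_command(signer_email) if ids else None)


if __name__ == "__main__":
    print(plan(SAMPLE_STATUS, "dev@example.org"))
```

After running the returned command, the script would repeat the verification once; a second `NO_PUBKEY` means the published key does not contain the signing subkey either.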