Public keys stored on different server

Ming Kuang ming at imkuang.com
Wed Feb 1 17:40:54 CET 2023


On Wednesday, February 1, 2023 5:33 PM, Martin wrote:
> Hello
> 
> Perhaps my question is strange an silly ;-)
> 
> More and more I see messages which are signed - but the author didn't
> store his public key on a keyserver (eg. hkps://keys.openpgp.org) -
> sometimes a footnote in the massages gives a link where the key could
> be downloaded. Sometimes this link has a bad or strange https
> certificate...
> 
> What are the reasons for such a procedure and what is the advantage?

Even if the key is uploaded to a keyserver, we are faced with the new
problem of which server we can get it from (it is well known that
keys.openpgp.org is not synchronized with other keyservers, and I think
there are more such cases).

For users with custom domain email addresses, it may be a good idea to
publish PGP public keys using WKD (Web Key Directory), which solves the
problem of where to find the keys (find from your email address domain).
But for the average user, I think providing a key download link is probably
the easiest and most feasible solution.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 834 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230202/22bc4c95/attachment-0001.sig>


More information about the Gnupg-users mailing list