On Sun, Jul 21, 2024, 18:31 J. Hellenthal via NANOG <nanog@nanog.org> wrote:
On Jul 21, 2024, at 19:28, Randy Bush <randy@psg.com> wrote:
I think the hipster thing to do now, though, is --auto-locate-key with
the Web Key Distribution or the DNSSEC Key Distribution mechanism.
i have done wkd for a fair while. but some folk like to pull keyrings, so i try to keep them updated.
While wks is nice in theory and easy to set up, not everyone has their own control over a domain to do so, and sadly that decreases the use of pgp across a broad spectrum of arenas.
Places like https://keys.openpgp.org/ let us down even more by requesting verification of the email address used, whereas I might want to just use email@dumb.notfound.domain, which will never exist and cannot be used with that service, just for a specific period of time and project.
I hate to say it but I really think pgp could benefit from a blockchain implementation keeping it distributed among peers versus its current status.
Sorry, what in the world would blockchain give us? Like sure, it's possible to add another layer of indirection (see rfc 1925), but blockchain doesn't _solve_ any problems, and actively makes pgp/gpg worse. The gpg keyring is _already_ a distributed trust. It would be good to articulate precisely what you see blockchain solving here.
|dreams
randy
--- randy@psg.com `gpg --locate-external-keys --auto-key-locate wkd randy@psg.com` signatures are back, thanks to dmarc header butchery