On Jul 21, 2024, at 19:28, Randy Bush <randy@psg.com> wrote:
I think the hipster thing to do now, though, is --auto-locate-key with the Web Key Distribution or the DNSSEC Key Distribution mechanism.
i have done wkd for a fair while. but some folk like to pull keyrings, so i try to keep them updated.
While wks is nice in theory and easy to set up, not everyone has their own control over a domain to do so, and that sadly decreases the use of pgp in the scope of a broad spectrum of arenas. Places like https://keys.openpgp.org/ let us down even more by requesting verification of the email address used, whereas I might want to just use email@dumb.notfound.domain, which will never exist and cannot be used with that service, just for a specific period of time and project. I hate to say it, but I really think pgp could benefit from a blockchain implementation keeping it distributed among peers versus its current status. |dreams
randy
---
randy@psg.com
`gpg --locate-external-keys --auto-key-locate wkd randy@psg.com`
signatures are back, thanks to dmarc header butchery