On Jul 21, 2024, at 19:28, Randy Bush <randy@psg.com> wrote:


I think the hipster thing to do now, though, is --auto-locate-key with
the Web Key Distribution or the DNSSEC Key Distribution mechanism.

i have done wkd for a fair while.  but some folk like to pull keyrings,
so i try to keep them updated.

While wks is nice in theory and easy to set up, not everyone has their own control over a domain to do so, which sadly decreases the use of pgp in the scope of a broad spectrum of arenas.

Places like https://keys.openpgp.org/ let us down even more by requesting verification of the email address used, whereas I might want to just use email@dumb.notfound.domain, which will never exist and cannot be used with that service, just for a specific period of time and project.

I hate to say it, but I really think pgp could benefit from a blockchain implementation keeping it distributed among peers versus its current status.

|dreams

randy

---
randy@psg.com
`gpg --locate-external-keys --auto-key-locate wkd randy@psg.com`
signatures are back, thanks to dmarc header butchery