Matt Sicker created WHIMSY-364:
----------------------------------
Summary: Need to switch PGP key server defaults again as SKS
retired
Key: WHIMSY-364
URL: https://issues.apache.org/jira/browse/WHIMSY-364
Project: Whimsy
Issue Type: Bug
Components: SecMail
Reporter: Matt Sicker
Assignee: Craig L Russell
https://code.firstlook.media/the-death-of-sks-pgp-keyservers-and-how-first-look-media-is-handling-it
I'm surprised I didn't notice this back when we were switching to the SKS key
server mirrors. It seems like we have a few options:
* Use https://keys.openpgp.org which has stricter security, though it requires
that key uploaders verify their email address with that site in order for their
published keys to be publicly searchable (not sure if that applies to the key
id directly)
* GnuPG has a feature for storing and searching for PGP keys in LDAP if we want
to host keys somewhere more standardized, but this doesn't help for people who
don't already have an account
* Offer some method for submitters to include an HTTPS link to download their
PGP key
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
