On 2020-09-18 at 10:08 +0200, Franck Routier (perso) wrote:
> On Thursday 17 September 2020 at 18:13 -0400, Phil Pennock via Gnupg-users
> wrote:
> > If publishing keys, I do recommend setting up WKD for your
> > domain, which helps a little.
>
> What is the status of WKD now, and is it to supersede centralized key
> servers?

It's a draft spec, it's spreading a little. Federated control of your own namespace is always good. Ultimately it's just HTTPS with a fixed well-known layout.

kernel.org, debian.org, gentoo.org, archlinux.org -- it's spreading amongst the Linux folks who have a central idea of what PGP keys are supposed to exist in their domain. Then there's exim.org and a couple of others, but I set those up and so I can't say that this is proof of its popularity.

I think that any organization which uses PGP, including for signing software releases, should be setting up WKD. Non-WKD is for individuals using PGP on a more ad-hoc basis.

Self-pimping: <https://github.com/PennockTech/openpgpkey-control> has other/standalone-update-website as a Python tool which can be integrated into static site builds where something else manages the list of keys (I have it in a Gulp rule for nats.io site build) and the repo itself is a framework for managing the keys for one or more domains, so is used for spodhuis.org, exim.org and pennock-tech.com. The repo is designed to be easy to fork and replace the key/domain definitions so that others can use it.

-Phil