On Wednesday, February 1, 2023 5:33 PM, Martin wrote: > Hello > > Perhaps my question is strange an silly ;-) > > More and more I see messages which are signed - but the author didn't > store his public key on a keyserver (eg. hkps://keys.openpgp.org) - > sometimes a footnote in the massages gives a link where the key could > be downloaded. Sometimes this link has a bad or strange https > certificate... > > What are the reasons for such a procedure and what is the advantage?
Even if the key is uploaded to a keyserver, we are faced with the new problem of which server we can get it from (it is well known that keys.openpgp.org is not synchronized with other keyservers, and I think there are more such cases). For users with custom domain email addresses, it may be a good idea to publish PGP public keys using WKD (Web Key Directory), which solves the problem of where to find the keys (find from your email address domain). But for the average user, I think providing a key download link is probably the easiest and most feasible solution.
openpgp-digital-signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users