On Tue, 7 Jan 2025 04:09:52 +0000
have--- via Gnupg-users <gnupg-users@gnupg.org> wrote:

>
> A question of netiquette: Is it acceptable to do this on a first
> post to a public list?

Without having a final answer, some thoughts:

1. Signed emails which are sent to a list can be verified only with
   the public key. Thus the other list members should have a chance
   to get this key.

2. Sending the key once will exclude those people / list members who
   join afterwards.

3. Sending the key always will increase traffic and amount of used
   storage space. Maybe this isn't any kind of real issue nowadays.

4. Given a public mailing list archive, can the key be extracted from
   there in the far future? Which format would be suitable for this?
   Are the headers archived completely?

5. The WKD web key directory looks like a suitable workflow to
   distribute public keys without repeated overhead inside the emails
   themselves. Just as a proof of concept for myself, I tried it several
   months ago. It's easy to set up in conjunction with some webspace.
   Actually this is only a "works for me" solution, YMMV. I do not
   claim it to be _the_ single and universal solution.

6. Maybe the final answer is not agreeing on a single distribution
   workflow but having different options live and in the wild. This
   could protect against surprising disruption attacks against the
   ecosystem as it happened with keyservers in the past.

-- 
kind regards
Frank
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users