Hi Richard,

Richard Stallman <r...@gnu.org> writes:

> [[[ To any NSA and FBI agents reading my email: please consider    ]]]
> [[[ whether defending the US Constitution against all enemies,     ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>
> > IIRC, Werner Koch has given up on key
> > servers and prefers WKD as he uses for his key [1]. But that is not even
> > possible for someone with a lowly gmail address like me. :)
>
> I looked at that page, but it is not obvious to me what the salient
> differences are between using openpgpkey.gnupg.org and using a keyserver,
> or between that page https://werner.eifzilla.de/key.html and any ordinary
> web page with the same information.
>
> Could you please explain that issue? Also, how does using gmail.com
> affect this issue? That is not obvious either.

Points 1, 2, and 3 of Werner's email explain the differences between
traditional key servers and keys.openpgp.org well [1].

Point 3 mentions Web Key Directory (WKD) which Werner says is the more
modern and safe way to distribute keys. It prevents the issue
traditional key servers faced, where you could sign a key an unlimited
amount of times, upload it to a key server, and then make it unusable
for anyone trying to import it.

Here is an example of how I would get Werner's GPG key using WKD:

    $ gpg-wks-client --print-wkd-url w...@gnupg.org
    https://openpgpkey.gnupg.org/.well-known/openpgpkey/gnupg.org/hu/nq6t9teux7edsnwdksswydu4o9i5es3f?l=wk
    $ wget -O wk-key.gpg https://openpgpkey.gnupg.org/.well-known/openpgpkey/gnupg.org/hu/nq6t9teux7edsnwdksswydu4o9i5es3f?l=wk
    $ gpg wk-key.gpg
    gpg: WARNING: no command supplied.  Trying to guess what you mean ...
    pub   ed25519/63113AE866587D0A 2018-09-28 [SC] [expires: 2027-01-31]
          AEA84EDCF01AD86C4701C85C63113AE866587D0A
    uid   w...@gnupg.org
    sub   ed25519/19CC1C9E085B107A 2020-08-04 [S]
    sub   brainpoolP384r1/2B999FA9CE046B1B 2021-06-28 [E] [expires: 2027-01-10]
    sub   unknown_8/5CF9E3DE6BC9DA95 2025-02-06 [E]

Ideally, an email client could do that lookup for you if you request
it. But just for illustration.

My mention of gmail.com is because:

    $ gpg-wks-client --print-wkd-url collin.fu...@gmail.com
    https://openpgpkey.gmail.com/.well-known/openpgpkey/gmail.com/hu/1p1ss6qkmbx5icbf5zby8xzsexsobq7m?l=collin.funk1

But I obviously do not own gmail.com, that is Google's. Then again I am
not a maintainer, so it doesn't really matter. :)

Collin

[1] https://lists.gnu.org/archive/html/bug-standards/2025-06/msg00010.html