On Sun, Jul 21, 2024, 18:31 J. Hellenthal via NANOG <[email protected]> wrote:
>
> > On Jul 21, 2024, at 19:28, Randy Bush <[email protected]> wrote:
> >
> > I think the hipster thing to do now, though, is --auto-locate-key with
> > the Web Key Distribution or the DNSSEC Key Distribution mechanism.
> >
> i have done wkd for a fair while. but some folk like to pull keyrings,
> so i try to keep them updated.
>
> While wks is nice in theory, easy to set up not everyone has their own
> control over a domain to do so and sadly decreases the use of pgp in the
> scope of a broad spectrum of arenas.
>
> Places like https://keys.openpgp.org/ let us down even more by requesting
> verification of the email address used whereas I might want to just use
> [email protected] that will never exist and cannot be used with
> that service just for a specific period of time and project.
>
> I hate to say it but I really think pgp could benefit from a blockchain
> implementation keeping it distributed among peers versus its current status.
>

Sorry, what in the world would blockchain give us? Like sure, it's possible to add another layer of indirection (see rfc 1925), but blockchain doesn't _solve_ any problems, and actively makes pgp/gpg worse. The gpg keyring is _already_ a distributed trust. It would be good to articulate precisely what you see blockchain solving here.

> |dreams
>
> randy
>
> ---
> [email protected]
> `gpg --locate-external-keys --auto-key-locate wkd [email protected]`
> signatures are back, thanks to dmarc header butchery
>
>

