> I have implemented WKD for my domain, but now I don’t know an easy way
> of testing it … is there a service or similar where I can check if this
> email address is properly WKD-enabled?
When I was setting up WKD recently, I tested it like this:
gpg --homedir "$(mktemp -d)" --locate-keys h..
> > For example, why isn't ask-cert-level a default?
>
> For an alternative view on ask-cert-level see also:
>
> https://debian-administration.org/users/dkg/weblog/98
Oh, interesting. Thank you for showing this to me. I had it in my head
that a "weak" signature would count as a marginal in the web
> I think also (sorry to say this Werner!) the problem is that
> GnuPG is Linux cli based and not like MacPGP from Mr. Zimmermann,
> back in the 90's was GUI based with much lesser commands and
> easier to learn. There was back then no Enigmail or other
> MUA plug-ins and you could simply copy and
> And yes, hkps://keys.openpgp.org would fall over and die if too many
> users started using it. So cert poisoning will be an issue until there's
> a secure alternative.
Just as a point of interest, I've talked to the people running
keys.openpgp.org about their capacity in #hagrid, when we were ex
> Third-party signatures from locally unknown certificates are arguably
> not so useful, so how about using ?--keyserver-options import-clean??
> (Or even making it the default behavior?) Of course it's not perfect as
> it still clutters network traffic and gpg(1) needs to clean up the mess
> clie
