On Mon, Jul 01, 2019 at 03:13:29PM +0200, Michał Górny via Gnupg-users wrote:
The problem with autocrypt are the cases where its security measures are
tested. There is no good way to interact with the users in those cases.
I know this is not part of its design goals, but it works against a better
user experience.

The problem with hagrid (from what I've heard) is that it is again an attempt
of a validating keyserver, which means it has to centralize the trust
function or there is no point in the validation.

This makes WKD the most mature and easiest for users in my eyes. (I was involved
in its design.)


I agree.  This is precisely why we've decided on it for syncing
distribution keys in Gentoo.  However, the main problem with WKD right
now is that AFAIK GnuPG doesn't support refreshing existing keys via WKD
-- we had to employ a large hack to do it.

This can't be stressed enough. The main purpose of a managed keyring for communities like kernel.org and others is to advise all members of things like:

- subkey changes
- UID additions/revocations
- expiration date extensions

WKD doesn't currently facilitate any of these.

-K
