You may have followed a recent discussion on the GnuPG mailing list
regarding poisoned keys on SKS key servers, and possible alternatives.
I have set up a Web Key Directory (see https://wiki.gnupg.org/WKD),
which is easy to do, and now I am wondering about Notmuch support for
WKD. Has anybody considered this, and perhaps even compiled a list of
necessary steps to implement it?
> I have set up a Web Key Directory (see https://wiki.gnupg.org/WKD),
> which is easy to do, and now I am wondering about Notmuch support for
> WKD. Has anybody considered this, and perhaps even compiled a list of
> necessary steps to implement it?
What would WKD support mean for Notmuch front-end programs? I know that
WKD is a key locating technology for GnuPG or OpenPGP keys in general
but it seems to me that it is GnuPG's job. With "auto-key-locate"
settings in place a command like
gpg --encrypt --recipient person@domain
would include WKD key lookup if the recipient's key isn't found in the
local keyring. Also, signature checking with "auto-key-retrieve" option
in GnuPG 2.2.17 will prefer WKD over keyservers (by default).
So, what is there left for Notmuch and email clients? Do you mean a
button like "Locate message sender's key" which would run a command like
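The lookup that "auto-key-locate" performs behind the scenes is easy to reproduce, and doing so is a useful check when you have just published a Web Key Directory: it tells you exactly which URL GnuPG will fetch for a given address. The following is an added example, not code from the thread, Notmuch or GnuPG; it implements the address-to-URL mapping from draft-koch-openpgp-webkey-service (ASCII lower-casing of the local part, SHA-1, z-base-32, then the "advanced" and "direct" URL forms) so the result can be compared against what the server actually serves. Function names and the constructed sample address are the example's own.

```python
import base64
import hashlib
import string
import urllib.parse

# z-base-32 alphabet mandated by the WKD draft. RFC 4648 base32 uses the same
# 5-bit grouping, so we can reuse base64.b32encode and just swap the alphabet.
_ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"
_RFC4648 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
_TO_ZBASE32 = str.maketrans(_RFC4648, _ZBASE32)

# The draft lower-cases only ASCII letters of the local part before hashing;
# str.lower() would also fold non-ASCII characters, so use an explicit table.
_ASCII_LOWER = str.maketrans(string.ascii_uppercase, string.ascii_lowercase)


def zbase32(data: bytes) -> str:
    """z-base-32 encode without padding characters."""
    return base64.b32encode(data).decode("ascii").rstrip("=").translate(_TO_ZBASE32)


def wkd_hash(local_part: str) -> str:
    """SHA-1 of the ASCII-lower-cased local part, z-base-32 encoded (32 chars)."""
    digest = hashlib.sha1(local_part.translate(_ASCII_LOWER).encode("utf-8")).digest()
    return zbase32(digest)


def wkd_urls(address: str) -> dict:
    """Return the hash plus the advanced and direct WKD URLs for an address.

    GnuPG tries the advanced method (openpgpkey subdomain) first and falls
    back to the direct method; the policy file must exist for either to be
    considered valid by gpg-wks-client.
    """
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    domain = domain.lower()           # domain names are case-insensitive
    h = wkd_hash(local)
    # The original (not lower-cased) local part travels in the "l" query
    # parameter so the server can serve the exact user ID.
    q = urllib.parse.quote(local, safe="")
    base_adv = f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}"
    base_dir = f"https://{domain}/.well-known/openpgpkey"
    return {
        "hash": h,
        "advanced": f"{base_adv}/hu/{h}?l={q}",
        "advanced_policy": f"{base_adv}/policy",
        "direct": f"{base_dir}/hu/{h}?l={q}",
        "direct_policy": f"{base_dir}/policy",
    }


if __name__ == "__main__":
    # Constructed sample address; it is the worked example from the WKD draft.
    for name, url in wkd_urls("Joe.Doe@Example.ORG").items():
        print(f"{name:16} {url}")
```

To verify a freshly published directory, fetch the "advanced" or "direct" URL the script prints for one of your own addresses and confirm the response is a binary (not ASCII-armored) OpenPGP key containing that user ID; `gpg --with-wkd-hash -k <address>` shows the same hash from the GnuPG side.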
> What would WKD support mean for Notmuch front-end programs?
> So, what is there left for Notmuch and email clients?
Oh, in email clients there is at least one thing to do in order to
support WKD: using gpg's "--sender" option with the sender's email
address when signing a message (if that email user ID is in the sender's
key). The "--sender" option includes that email in the signature so WKD
lookup can use that. More information is in the gpg(1) manual page,
especially under the options "--sender" and "--auto-key-retrieve".
I recently added that very feature to Emacs's message-mode (and epg). It's
in the development branch (master) since commit