Notmuch support for GnuPG Web Key Directory

classic Classic list List threaded Threaded
3 messages Options
Ralph Seichter-2 Ralph Seichter-2
Reply | Threaded
Open this post in threaded view
|

Notmuch support for GnuPG Web Key Directory

You may have followed a recent discussion on the GnuPG mailing list
regarding poisoned keys on SKS key servers, and possible alternatives.

I have set up a Web Key Directory (see https://wiki.gnupg.org/WKD),
which is easy to do, and now I am wondering about Notmuch support for
WKD. Has anybody considered this, and perhaps even compiled a list of
necessary steps to implement it?

-Ralph
_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch
Teemu Likonen Teemu Likonen
Reply | Threaded
Open this post in threaded view
|

Re: Notmuch support for GnuPG Web Key Directory

Ralph Seichter [2019-07-10T21:58:00+02] wrote:

> I have set up a Web Key Directory (see https://wiki.gnupg.org/WKD),
> which is easy to do, and now I am wondering about Notmuch support for
> WKD. Has anybody considered this, and perhaps even compiled a list of
> necessary steps to implement it?

What WKD support would mean for Notmuch front-end programs? I know that
WKD is a key locating technology for GnuPG or OpenPGP keys in general
but it seems to me that it is GnuPG's job. With "auto-key-locate"
settings in place a command like

    gpg --encrypt --recipient person@domain

would include WKD key lookup if the recipient's key isn't found from the
local keyring. Also, signature checking with "auto-key-retrieve" option
in GnuPG 2.2.17 will prefer WKD over keyservers (by default).

So, what is there left for Notmuch and email clients? Do you mean a
button like "Locate message sender's key" which would run a command like
this:

    gpg --auto-key-locate clear,nodefault,wkd,keyserver \
        --locate-key person@domain

(Or use --locate-external-key which is in GnuPG 2.2.17.)

--
///  OpenPGP key: 4E1055DC84E9DFF613D78557719D69D324539450
//  https://keys.openpgp.org/search?q=tlikonen@...
/  https://keybase.io/tlikonen  https://github.com/tlikonen

_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch

signature.asc (517 bytes) Download Attachment
Teemu Likonen Teemu Likonen
Reply | Threaded
Open this post in threaded view
|

Re: Notmuch support for GnuPG Web Key Directory

Teemu Likonen [2019-07-20T08:53:01+03] wrote:

> What WKD support would mean for Notmuch front-end programs?

> So, what is there left for Notmuch and email clients?

Oh, in email clients there is at least one thing to do in order to
support WKD: using gpg's "--sender" option with the sender's email
address when signing a message (if that email user ID is in sender's
key). The "--sender" option includes that email in the signature so WKD
lookup can use that. More information in gpg(1) manual page, especially
in options "--sender" and "--auto-key-retrieve".

I recently added Emacs's message-mode (and epg) that very feature. It's
in the development branch (master) since commit
emacs-26.1-6339-g74579d3d2b (2019-07-13).

http://git.savannah.gnu.org/cgit/emacs.git/commit/?id=74579d3d2bb82f300a6f2d81b7b559f0a24061db

Variable mml-secure-openpgp-sign-with-sender has to be non-nil.

--
///  OpenPGP key: 4E1055DC84E9DFF613D78557719D69D324539450
//  https://keys.openpgp.org/search?q=tlikonen@...
/  https://keybase.io/tlikonen  https://github.com/tlikonen

_______________________________________________
notmuch mailing list
[hidden email]
https://notmuchmail.org/mailman/listinfo/notmuch

signature.asc (517 bytes) Download Attachment