I published a new article. Today it's about #WKD #OpenPGP and key discovery. It's split into a part that explains what the current methods are to receive a public key of someone else and how WKD comes in here, followed by a hands-on part on how to set up WKD for your domain. Hope you enjoy 😉
@sheogorath Definitely, looks really nice, can I nitpick some small details?
@wiktor Always!
Feel free to correct me :D You can either do it here on Mastodon or directly via Merge Request 😉 Whatever you prefer.
https://octo.sh/Sheogorath/blog/blob/deploy/_posts/2019-02-05-Lets-discover-OpenPGP-keys.md
@sheogorath 🤔 It seems the spec actually recommends generic `application/octet-stream` Content-Type (https://tools.ietf.org/html/draft-koch-openpgp-webkey-service-07#section-3.1 "The server SHOULD use "application/octet-stream" as the Content-Type for the data").
Previous editions recommended pgp-keys but this media type is reserved for armored keys (see https://tools.ietf.org/html/rfc3156#section-7) not binary.
@sheogorath `mailbox-only` means accepted user IDs are not the usual `John Doe <john@example.com>` but contain mailbox only: `john@example.com`. I know of only one provider that needs this (Posteo.de) due to their policy of not publishing real names of customers.
I think the vast majority of people would use just an empty policy file. This is actually not checked by most WKD clients but from what I've heard will be used by some big e-mail providers (ProtonMail) to scan if the domain has WKD deployed.
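The two points raised above (the key must be served binary with `application/octet-stream`, and the policy file may carry a `mailbox-only` flag or be empty) as an added Python checker; this is example code, not part of the thread or of the linked article. It also derives the WKD lookup URLs from the spec's SHA-1 plus z-base32 scheme, which the thread does not spell out, and the sample responses it checks are constructed inline.

```python
import hashlib
from urllib.parse import quote

# z-base32 alphabet used by WKD for the hashed local part (draft-koch-openpgp-webkey-service)
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32(data: bytes) -> str:
    """Encode bytes as z-base32 (no padding; a 20-byte SHA-1 digest yields 32 chars)."""
    bits = "".join(f"{b:08b}" for b in data)
    bits += "0" * (-len(bits) % 5)  # zero-pad to a multiple of 5 bits
    return "".join(ZBASE32[int(bits[i:i + 5], 2)] for i in range(0, len(bits), 5))


def wkd_hash(local_part: str) -> str:
    """WKD maps the lowercased local part through SHA-1 and z-base32."""
    return zbase32(hashlib.sha1(local_part.lower().encode("utf-8")).digest())


def wkd_urls(address: str) -> dict:
    """Return the 'advanced' and 'direct' method URLs a client would try for an address."""
    local, domain = address.rsplit("@", 1)
    domain, h, l = domain.lower(), wkd_hash(local), quote(local, safe="")
    return {
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/hu/{h}?l={l}",
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{h}?l={l}",
    }


def parse_policy(text: str) -> dict:
    """Parse a WKD policy file: one flag per line, either 'keyword' or 'keyword: value'.
    An empty file is valid and simply yields no flags."""
    flags = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        flags[key.strip()] = value.strip() if sep else True
    return flags


def uid_allowed(uid: str, flags: dict) -> bool:
    """Under mailbox-only, a user ID must be the bare address, not 'Name <address>'."""
    if flags.get("mailbox-only"):
        return "<" not in uid and " " not in uid and uid.count("@") == 1
    return True


def check_key_response(content_type: str, body: bytes) -> list:
    """Check a served key the way the spec wants it: binary body, octet-stream Content-Type."""
    problems = []
    if content_type.split(";")[0].strip().lower() != "application/octet-stream":
        problems.append(f"Content-Type {content_type!r}; spec says application/octet-stream")
    if body.lstrip().startswith(b"-----BEGIN PGP"):
        problems.append("key is ASCII-armored; WKD serves binary OpenPGP keys")
    return problems
```

Run `check_key_response` against what `curl -i` returns for the URL from `wkd_urls`; an empty `problems` list means the key is served the way the spec and the thread describe.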
@wiktor Fixed and noted!
Thanks a lot!
@sheogorath No problem, glad I could be of service :)
@sheogorath Thanks, I like it!
@sheogorath
And added to https://erack.de/bookmarks/gnupg.html#WKD :-)
/cc @wiktor @orbifx I guess you wanted to be linked to this one. ;)