OpenPGP Web Key Directory
Hi,

I would appreciate if someone could review this article and provide
any comments or feedback: http://dashohoxha.fs.al/web-key-directory/

Regards,
Dashamir

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
Re: OpenPGP Web Key Directory
Hi Dashamir,

On Monday, 03 May 2021 19:53:46, Dashamir Hoxha via Gnupg-devel wrote:
> I would appreciate if someone could review this article and provide
> any comments or feedback: http://dashohoxha.fs.al/web-key-directory/

just briefly browsed it (not read through everything).
Thanks for working on WKD and WKS in the first place!
It is helpful to get the word out on this.

Some suggestions:
* Give details about the version numbers and systems
that you give commands for. (Maybe Debian as you use
apt-get.)
* Personally I found it too long, maybe the container part
could at least be split out.
* There is some duplication to what is in the wiki.gnupg.org
other places in the documentation and your article. (You can
add stuff to the wiki, too. :))
* There are a few recommendations for the server in the specification
like RR record if the advanced method is used or the disabling
of directory listings. Maybe your examples could mention them.
* It is still okay to use the public keyservers.

I like the first three sections.

Best Regards,
Bernhard

--
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; District Court (Amtsgericht) Osnabrück, HRB 18998
Managing Directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
Re: OpenPGP Web Key Directory
Bernhard, thanks for your quick review and suggestions.

On Tue, May 4, 2021 at 4:20 PM Bernhard Reiter <bernhard@intevation.de> wrote:

> Thanks for working on WKD and WKS in the first place!
> It is helpful to get the word out on this.

I think so too. WKD is an important piece of the GnuPG ecosystem, and
not so difficult either. I have registered a presentation of up to 15
min about it on OW2con'21: https://www.ow2con.org/view/2021/ (it will
be online). I intend to present the first 3 sections of this article,
without going into much detail about WKS, docker containers, postfix,
etc.

> Some suggestions:
> * Give details about the version numbers and systems
> that you give commands for. (Maybe Debian as you use
> apt-get.)

Actually it is the latest Ubuntu stable release (Ubuntu-20.04, or
focal). But I think that everything should work exactly the same on
the latest Debian stable release (buster).

> * Personally I found it too long, maybe the container part
> could at least be split out.

Yes, it is a bit long. And it is mostly structured as a step-by-step
tutorial, with instructions to be followed and commands to be tried.
Which makes it a bit difficult to just read through it.
However the container part (building a WKS server with docker) is my
main contribution to this topic, so I can't leave it out. And the
first three sections are a quick introduction to WKD.

> * There is some duplication to what is in the wiki.gnupg.org
> other places in the documentation and your article. (You can
> add stuff to the wiki, too. :))

Wiki maintainers can feel free to copy any parts if they wish. I don't
think there is anything wrong with duplication.

> * There are a few recommendations for the server in the specification
> like RR record if the advanced method is used or the disabling
> of directory listings. Maybe your examples could mention them.

Maybe I should mention disabling of directory listing, although one of
the examples (in the container part) includes the apache2 directive
"Options -Indexes", which does it.
In general, if the WKD contains only your own key, maybe it is not
strictly necessary. However for a large organization it is.

About the RR record, I have noticed it in the specs, but I am not sure
what this record should look like.
Besides, if the WKD clients only check for the presence of the
'policy' file to find out whether the advanced method is available,
maybe it doesn't make any difference.

> * It is still okay to use the public keyservers.

I only mention quickly that they are not recommended, without going
into much detail about their problems. And I say that WKD is the
recommended way for public key sharing, again without going into much
detail.

Best regards,
Dashamir

Re: OpenPGP Web Key Directory
On Tue, May 4, 2021 at 7:48 PM Dashamir Hoxha <dashohoxha@gmail.com> wrote:

> > * There are a few recommendations for the server in the specification
> > like RR record if the advanced method is used or the disabling
> > of directory listings. Maybe your examples could mention them.
>
> Maybe I should mention disabling of directory listing

I have updated the blog post to mention this.

By the way here is my presentation:
- http://dashohoxha.fs.al/presentations/OpenPGP-Web-Key-Directory.pdf
- https://www.youtube.com/watch?v=ucWFqU3aO08

Best regards,
Dashamir
