You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@whimsical.apache.org by "Matt Sicker (Jira)" <ji...@apache.org> on 2021/07/15 15:52:00 UTC
[jira] [Created] (WHIMSY-364) Need to switch PGP key server
defaults again as SKS retired
Matt Sicker created WHIMSY-364:
----------------------------------
Summary: Need to switch PGP key server defaults again as SKS retired
Key: WHIMSY-364
URL: https://issues.apache.org/jira/browse/WHIMSY-364
Project: Whimsy
Issue Type: Bug
Components: SecMail
Reporter: Matt Sicker
Assignee: Craig L Russell
https://code.firstlook.media/the-death-of-sks-pgp-keyservers-and-how-first-look-media-is-handling-it
I'm surprised I didn't notice this back when we were switching to the SKS key server mirrors. It seems like we have a few options:
* Use https://keys.openpgp.org which has stricter security, though it requires that key uploaders verify their email address with that site in order for their published keys to be publicly searchable (not sure if that applies to the key id directly)
* GnuPG has a feature for storing and searching for PGP keys in LDAP if we want to host keys somewhere more standardized, but this doesn't help for people who don't already have an account
* Offer some method for submitters to include an HTTPS link to download their PGP key
--
This message was sent by Atlassian Jira
(v8.3.4#803005)