One thing I'm missing in all these guides describing how to store one's OpenPGP key in a Web Key Directory (WKD) is that for keys with a lot of signatures the key best should be exported using
to not force an MB size download on the poor person who just wanted to write an encrypted mail.
Yes, that key then won't have the signatures, but I guess a user who uses WKD does not care about that. And if, do --refresh-keys.
@erAck I guess most people that these guides are targeted to do not have that many signatures.
For example, your key has 1,3 MB and it has an MSD ranking of 466, while mine has 107 KB and an MSD ranking of ~1300, so the number of people that have megabyte keys is less than a thousand in the world.
Yeah likely it doesn't matter for most keys.
@erAck By the way with newer GnuPG if a key was fetched with WKD it will be refreshed automatically over WKD when it expires. This can be used to run the key in keyserverless mode... in a way :)
That's convenient indeed. Well, *IF* the key holder prolongs the expiration date and uploads the refreshed key. Most seem to not even know that possibility and generate a new key instead. Which with WKD would work as well (or even better than per keyserver) if they upload it.
@erAck Yes, I agree expiration is frequently misunderstood (I actually answered a question today about it).
One more WKD trivia: if you specify your key with an e-mail while signing (e.g. `--default-key firstname.lastname@example.org`) it will embed the e-mail in the signature (Signer's UID packet). When someone verifies the sig with `--auto-key-retrieve` it will grab your key through WKD.
Only when default-key is specified with email? I have a keyid there since ages.. which makes more sense if there is more than one key.