
Re: uploading keys where to?



On Mon 2019-07-29 20:30:08 +0000, Holger Levsen wrote:

> what's the current best practice for uploading (one's own) keys?

For what purpose?

For refreshing metadata on OpenPGP certificates on the debian keyring,
or for transitioning to a new OpenPGP certificate in Debian, the
guidance is here: https://keyring.debian.org/.  Doing these updates will
mean that the parts of the certificate that contain @debian.org e-mail
addresses will be published via WKD and DANE automatically on the next
keyring upload (i.e., roughly monthly).

If you're talking about more broadly for the larger ecosystem, the most
robust public OpenPGP certificate distribution mechanism i'm aware of
right now is https://keys.openpgp.org/ -- that service doesn't currently
distribute third-party certifications, and you need to confirm control
of your e-mail address (by clicking a link in e-mail) to get that
keystore to publish the associated user ID.  But once you've done that,
other people can find your OpenPGP certificate there very efficiently.

The SKS keyserver network is dying, sadly, and is itself increasingly
centralized (only two operators serve hkps.pool.sks-keyservers.net right
now) in addition to being vulnerable to flooding attacks.

If you're just talking about getting the people you communicate with via
e-mail to have a copy of your own OpenPGP certificate, i recommend using
an Autocrypt-capable e-mail program, and enabling Autocrypt.  Then
there's no central certificate distribution mechanism needed, and your
peers can also automatically learn about your certificates as they
exchange messages with you.

hope this helps,

         --dkg

Attachment: signature.asc
Description: PGP signature

