On Mon 2019-07-29 20:30:08 +0000, Holger Levsen wrote:
> what's the current best practise for uploading (one's own) keys?

For what purpose?

For refreshing metadata on OpenPGP certificates on the debian keyring, or for transitioning to a new OpenPGP certificate in Debian, the guidance is here: https://keyring.debian.org/. Doing these updates will mean that the parts of the certificate that contain @debian.org e-mail addresses will be published via WKD and DANE automatically on the next keyring upload (i.e., roughly monthly).

If you're talking about more broadly for the larger ecosystem, the most robust public OpenPGP certificate distribution mechanism i'm aware of right now is https://keys.openpgp.org/ -- that service doesn't currently distribute third-party certifications, and you need to confirm control of your e-mail address (by clicking a link in e-mail) to get that keystore to publish the associated user ID. But once you've done that, other people can find your OpenPGP certificate there very efficiently.

The SKS keyserver network is dying, sadly, and is itself increasingly centralized (only two operators serve hkps.pool.sks-keyservers.net right now) in addition to being vulnerable to flooding attacks.

If you're just talking about getting the people you communicate with via e-mail to have a copy of your own OpenPGP certificate, i recommend using an Autocrypt-capable e-mail program, and enabling Autocrypt. Then there's no central certificate distribution mechanism needed, and your peers can also automatically learn about your certificates as they exchange messages with you.

hope this helps,

        --dkg
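To check that a certificate is actually retrievable via WKD after a keyring upload, it helps to know which URL a client will request for a given address. The sketch below is an added example, not part of the original message: it derives the "advanced" and "direct" lookup URLs as laid out in the Web Key Directory Internet-Draft, and the address in the demo call is a constructed placeholder.

```python
import hashlib
from urllib.parse import quote

# z-base-32 alphabet, as used by WKD for the hashed local part.
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"


def ascii_lower(text: str) -> str:
    """Lowercase ASCII letters only; non-ASCII characters stay unchanged."""
    return "".join(chr(ord(c) + 32) if "A" <= c <= "Z" else c for c in text)


def zbase32_sha1(data: bytes) -> str:
    """SHA-1 digest (160 bits) rendered as exactly 32 z-base-32 characters."""
    n = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return "".join(ZBASE32[(n >> shift) & 0x1F] for shift in range(155, -1, -5))


def wkd_urls(address: str) -> dict:
    """Return the advanced and direct WKD lookup URLs for an e-mail address."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an e-mail address: {address!r}")
    domain = ascii_lower(domain)
    # Only the lowercased local part is hashed; the original spelling
    # travels separately in the percent-encoded ?l= parameter.
    hu = zbase32_sha1(ascii_lower(local).encode("utf-8"))
    query = "?l=" + quote(local, safe="")
    return {
        # Clients try the openpgpkey.<domain> form first, then the direct form.
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/"
                    f"{domain}/hu/{hu}{query}",
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{hu}{query}",
    }


if __name__ == "__main__":
    # Constructed placeholder address, not a real account.
    for method, url in wkd_urls("Some.User@example.org").items():
        print(f"{method:8} {url}")
```

Fetching either URL over HTTPS should return the binary (non-armored) certificate if the domain publishes one for that address.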