
List:       gnupg-devel
Subject:    Re: WKD: returns only one pubkey (and why)
From:       Werner Koch via Gnupg-devel <gnupg-devel () gnupg ! org>
Date:       2023-02-24 9:02:58
Message-ID: 871qmfpha5.fsf () wheatstone ! g10code ! de

On Sat, 28 Jan 2023 23:50, Jakub Wilk said:

> Beware that this may import unrelated keys to your keyring:
> https://bugs.debian.org/909755

Nope (see also https://dev.gnupg.org/T3398).  The security of GnuPG
OpenPGP keys does not rely on the keys in a certain database but solely
on key signatures.

The whole idea of using "curated keyrings" for general purposes is
entirely wrong.  If you do this, you should at least disable dirmngr and
not use any frontends or tools which might import keys (e.g. taken
from a mail).

The only standard use of "curated keyrings" is with gpgv which - for
that reason - uses a dedicated file name (trustedkeys.kbx or
trustedkeys.gpg).


Shalom-Salam,

   Werner


-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
