Change Details

For the PGP web of trust to actually function, it is vital that those verifying a signature are able to see the public key used. The issues with public keyserver pools are well-documented, and rather than simply hoping that the verifier checks a keyserver you've uploaded a key to, it is sensible to embed the keyserver of your choosing in a signature. This has the potential to reduce the centralization of the ecosystem considerably, as you can specify a URL on a domain you control as the "canonical" copy of your public key. Even if the reader does not turn honor-keyserver-urls on, they can still manually retrieve the public key at their discretion. At the moment, there is a serious issue with using sig-keyserver-url by default: you must provide the URL in question. While the substitution options can be useful for working with multiple keys, it would be much easier if users could simply embed the preferred keyserver URL of the primary key used to make a signature. This could be implemented simply by adding a new As an example, consider the following scenario: a user has a primary key for personal use, and a primary key for work. Each have distinct UIDs and signing keys that are used to sign Git commits in their respective roles. The work key has an ultimately-trusted signature from the primary key, so anyone who trusts the first key for personal use should be able to trust the second key for work use. However, with just a Git repository with commits signed for work, that hypothetical observer would have no way of knowing this beyond hoping they stumble across the key in a common keyserver. By embedding the preferred keyserver URL of each key used, the problem is solved: `git log --show-signature` will show where to get the public key used for work, which will contain the signature from the personal primary key, which allows the commits to be trusted.

For the PGP web of trust to actually function, it is vital that those verifying a signature are able to see the public key used. The issues with public keyserver pools are well-documented, and rather than simply hoping that the verifier checks a keyserver you've uploaded a key to, it is sensible to embed the keyserver of your choosing in a signature. This has the potential to reduce the centralization of the ecosystem considerably, as you can specify a URL on a domain you control as the "canonical" copy of your public key. Even if the reader does not turn honor-keyserver-urls on, they can still manually retrieve the public key at their discretion. At the moment, there is a serious issue with using sig-keyserver-url by default: you must provide the URL in question. While the substitution options can be useful for working with multiple keys, it would be much easier if users could simply embed the preferred keyserver URL of the primary key used to make a signature. This could be implemented simply by adding a new %-expando. As an example, consider the following scenario: a user has a primary key for personal use, and a primary key for work. Each have distinct UIDs and signing keys that are used to sign Git commits in their respective roles. The work key has an ultimately-trusted signature from the primary key, so anyone who trusts the first key for personal use should be able to trust the second key for work use. However, with just a Git repository with commits signed for work, that hypothetical observer would have no way of knowing this beyond hoping they stumble across the key in a common keyserver. By embedding the preferred keyserver URL of each key used, the problem is solved: `git log --show-signature` will show where to get the public key used for work, which will contain the signature from the personal primary key, which allows the commits to be trusted.

For the PGP web of trust to actually function, it is vital that those verifying a signature are able to see the public key used. The issues with public keyserver pools are well-documented, and rather than simply hoping that the verifier checks a keyserver you've uploaded a key to, it is sensible to embed the keyserver of your choosing in a signature. This has the potential to reduce the centralization of the ecosystem considerably, as you can specify a URL on a domain you control as the "canonical" copy of your public key. Even if the reader does not turn honor-keyserver-urls on, they can still manually retrieve the public key at their discretion. At the moment, there is a serious issue with using sig-keyserver-url by default: you must provide the URL in question. While the substitution options can be useful for working with multiple keys, it would be much easier if users could simply embed the preferred keyserver URL of the primary key used to make a signature. This could be implemented simply by adding a new %-expando. As an example, consider the following scenario: a user has a primary key for personal use, and a primary key for work. Each have distinct UIDs and signing keys that are used to sign Git commits in their respective roles. The work key has an ultimately-trusted signature from the primary key, so anyone who trusts the first key for personal use should be able to trust the second key for work use. However, with just a Git repository with commits signed for work, that hypothetical observer would have no way of knowing this beyond hoping they stumble across the key in a common keyserver. By embedding the preferred keyserver URL of each key used, the problem is solved: `git log --show-signature` will show where to get the public key used for work, which will contain the signature from the personal primary key, which allows the commits to be trusted.