Details / Concepts of the Web Key Directory

Pubkey Distribution Concept <- the (technical) details

• 2016-09-08 OpenPGP.conf presentation by Werner Koch: Abstract Slides.PDF
• 2016-09-08 OpenPGP.conf presentation by Bernhard Reiter, pages 21-24 Slides.ODP Slides.PDF
• 2016-09-09 OpenPGP-Schlüssel über HTTPS verteilen Golem news by Hanno Böck
• 2016-09-11 Spezifikation für die Verteilung von OpenPGP-Keys per HTTPS veröffentlicht Heise news by Johannes Merkert
• 2016-09-11 Anmerkungen zum Web Key Service gnupg-de@ by Werner Koch
• 2017-07-28 Draft 04 of the specs published (see details page linked above).
• 2017-10-10 LWN covers Werner Koch's talk at Kernel Recipies 2017

The elaborated proposal is a result of the EasyGpg2016 contract.

General Idea

If you and your peers use email-providers offering this "service", it works by the first email. Otherwise encryption will start after you have exchanged some emails.

Technically your email client will automatically

• prepare for this by creating a crypto key for you and uploading it to your provider (or second best to public keyservers).
• sign all emails so others see that you are ready for crypto (unless you opt out)
• ask the mail provider of your recipients for their pubkeys.

An email-provider supporting privacy can

• provide a pubkey for users via HTTPS, called "web key directory" (WKD).
• allow each user's email client to automatically manage the pubkey that gets published by email, called "web key service" (WKS).
• (if offering web-based email:) support the client part as well.