The approach we followed for key servers is relatively new, and so is Web Key Directory. Web Key Directory lets an email service provider act as the authoritative key server for its own users: keys are published under a well-known HTTPS path on the provider's domain, which makes discovery standardized, decentralized and automatic for clients that support it. This makes OpenPGP keys much easier to discover and use. Only a small number of email providers offer Web Key Directory support: https://wiki.gnupg.org/WKD#Implementations
When we wanted to set up a keyserver, we had two choices: 1. follow the classical approach, or 2. follow the GDPR-compliant, email-verified keys approach. We took the second option, which meant there were not many software choices to set this up.
You can read more about how this key server differs from classical key servers here: Purism / keyserver · GitLab
Mailvelope Key Server (https://keys.mailvelope.com) and the OpenPGP.org Key Server (https://keys.openpgp.org) follow a new approach to OpenPGP keys. These two keyservers allow only the owner of a key to publish it, after verifying ownership of the address through an email encrypted to that key. This also means the owner can remove or update the key at any time. This is also compatible with GDPR.
The software run by https://keys.openpgp.org does not support deployment on other servers. So the only option was Mailvelope Key Server. But it was using MongoDB, which is no longer Free Software since its license changed to the SSPL. So we had to look for a Free Software MongoDB replacement and add custom patches to Mailvelope Key Server to run it with FerretDB, which is built on PostgreSQL. We also added support for Web Key Directory to Mailvelope Key Server. Since the available documentation was misleading, it took a lot of effort to actually get this working. You can see the history here: Implement support for Web Key Directory by pravi · Pull Request #146 · mailvelope/keyserver · GitHub
Recently FerretDB 2.0 was released and we could drop the custom patches, as most of the missing MongoDB features were implemented in FerretDB. We still have to use an older version of Mailvelope Key Server, though, since one feature is still missing: MongoServerError: An equivalent index already exists with the same name but different options · Issue #4960 · FerretDB/FerretDB · GitHub
So this specific setup is unique to Purism: https://keys.mailvelope.com/ itself is still running on MongoDB, whereas this is a 100% Free Software key server solution with Web Key Directory support that others can easily replicate. So we did the research, customization, testing and documentation for others to follow. Support from Akshay S Dinesh (who is a good friend of mine and active in the Free Software community) was crucial to get this solution working.
You can search only by full key ID or email address; you cannot harvest email addresses by listing all published keys. If you have the email address, this makes the key easy to discover. For example, in Thunderbird,
- if you set up encryption by default (or choose the encryption option for a specific email),
- then if the recipient's public key is missing,
- Thunderbird offers to search for the key, and
- without any additional keyserver configuration or manual key import, it will find the key of a Librem One user from this key server,
- provided they have uploaded their key to this key server, thanks to Web Key Directory support in Thunderbird.
The same ease of discovery is possible for users of other providers only if their email provider also offers Web Key Directory support; otherwise they have to use a centralized key server like https://keys.openpgp.org
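To make the discovery step concrete, here is an added example (my own, not code from the Purism keyserver or the Mailvelope project) of how a Web Key Directory client turns an email address into the URL it fetches, and which paths a provider has to serve for its own users. It implements the hashing and URL construction from the WKD draft (draft-koch-openpgp-webkey-service): the local part is lowercased, SHA-1 hashed and z-base-32 encoded, then looked up under the well-known path, trying the advanced method (on the openpgpkey.<domain> subdomain) before the direct method. The user list and the example.org provider are constructed placeholders; the Joe.Doe@Example.ORG address is the worked example from the draft.

```python
"""Web Key Directory (WKD) helpers: local-part hashing, the two lookup URLs a
client tries, and the paths a provider must serve. Added illustration, not code
from the Purism or Mailvelope projects; addresses below are constructed."""
import base64
import hashlib
import urllib.error
import urllib.request
from typing import Dict, Iterable, Optional
from urllib.parse import quote

# z-base-32 alphabet used by WKD. It groups bits exactly like RFC 4648 base32,
# only the alphabet differs, so a character translation of the standard encoder
# is a faithful implementation.
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"
_STD_B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
_TO_ZBASE32 = str.maketrans(_STD_B32, ZBASE32)


def zbase32(data: bytes) -> str:
    """z-base-32 without padding; 20 input bytes give exactly 32 characters."""
    return base64.b32encode(data).decode("ascii").rstrip("=").translate(_TO_ZBASE32)


def wkd_hash(local_part: str) -> str:
    """WKD name hash: SHA-1 of the lowercased local part, z-base-32 encoded.
    SHA-1 is only a mapping to a file name here, not an integrity check.
    Lowercasing is why lookups for Joe.Doe@ and joe.doe@ hit the same file."""
    return zbase32(hashlib.sha1(local_part.lower().encode("utf-8")).digest())


def wkd_urls(address: str) -> Dict[str, str]:
    """The advanced and direct lookup URLs a client tries, in that order.
    The ?l= query carries the original local part so the server can verify it."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    domain = domain.lower()
    h = wkd_hash(local)
    l = quote(local, safe="")
    return {
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/hu/{h}?l={l}",
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{h}?l={l}",
    }


def serving_paths(domain: str, addresses: Iterable[str]) -> Dict[str, str]:
    """Provider side: the direct-method paths (relative to the web root) a domain
    must serve for its users, ignoring addresses that belong to other domains."""
    domain = domain.lower()
    paths: Dict[str, str] = {}
    for addr in addresses:
        local, sep, d = addr.rpartition("@")
        if sep and d.lower() == domain:
            paths[f".well-known/openpgpkey/hu/{wkd_hash(local)}"] = addr
    return paths


def fetch_key(address: str, timeout: float = 5.0) -> Optional[bytes]:
    """Network lookup (not exercised by the offline demo): try advanced, then direct.
    Returns the binary OpenPGP key the server serves, or None if neither answers."""
    for url in wkd_urls(address).values():
        try:
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                if resp.status == 200:
                    return resp.read()
        except (urllib.error.URLError, OSError):
            continue
    return None


if __name__ == "__main__":
    for name, url in wkd_urls("Joe.Doe@Example.ORG").items():
        print(f"{name:9}{url}")
    # constructed user list for a hypothetical provider domain
    users = ["Alice@example.org", "bob@example.org", "eve@other.example"]
    for path, addr in serving_paths("example.org", users).items():
        print(path, "<-", addr)
```

Two points a provider should keep in mind. The hash is a lookup key, not a privacy measure: the client sends the plain local part in ?l= anyway, and a directory of hashed names can still be probed with a dictionary of likely local parts, so WKD avoids a listable index but does not stop targeted probing of individual addresses. The trust comes from HTTPS plus control of the mail domain: a key served from the domain's own well-known path is accepted because the domain that delivers the mail vouches for it, which is what makes a provider's directory the authoritative key server for its users. For the advanced method the draft additionally requires a policy file at /.well-known/openpgpkey/<domain>/policy, so a provider enabling that method has to serve it as well.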