Just a quick note on WKD since I was bitten by this a few days ago: as soon as you set it up, some people will start using your keys automatically, without even knowing it (e.g. it seems that ProtonMail automatically uses keys found on a WKD to encrypt outgoing mails). While in itself it's not a bad idea, you'd better prepare for this to avoid looking stupid like me, when you receive a casual encrypted mail and you're not able to read it (my private keys are air-gapped and until now I only expected to receive PGP-encrypted mail if it was worth the effort to read it offline).
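To see exactly what a WKD-aware client such as the one mentioned above would fetch for your address, here is an added example (not the poster's code) that derives the two lookup URLs the WKD draft specifies: SHA-1 of the lowercased local part, z-base-32 encoded, under the "advanced" and "direct" well-known paths. The sample address is the draft's own worked example and no network access is performed.

```python
import hashlib
from urllib.parse import quote

# z-base-32 alphabet used by WKD (draft-koch-openpgp-webkey-service)
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as z-base-32, most significant bits first, no padding."""
    nbits = len(data) * 8
    nchars = (nbits + 4) // 5
    value = int.from_bytes(data, "big") << (nchars * 5 - nbits)
    return "".join(ZBASE32[(value >> (5 * (nchars - 1 - i))) & 31] for i in range(nchars))


def wkd_hashed_local_part(email: str) -> str:
    """SHA-1 of the lowercased local part, z-base-32 encoded (32 chars for 160 bits)."""
    local = email.rsplit("@", 1)[0]
    return zbase32_encode(hashlib.sha1(local.lower().encode("utf-8")).digest())


def wkd_urls(email: str) -> dict:
    """Return the 'advanced' and 'direct' WKD URLs a client tries, in that order."""
    local, domain = email.rsplit("@", 1)
    domain = domain.lower()
    hashed = wkd_hashed_local_part(email)
    # The ?l= parameter carries the local part as written, before lowercasing,
    # so a server that has case-sensitive mailboxes can still tell them apart.
    suffix = f"/hu/{hashed}?l={quote(local)}"
    return {
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}{suffix}",
        "direct": f"https://{domain}/.well-known/openpgpkey{suffix}",
    }


if __name__ == "__main__":
    # Sample address from the draft's worked example; any address works here.
    for kind, url in wkd_urls("Joe.Doe@Example.ORG").items():
        print(f"{kind:8s} {url}")
```

Once the URLs resolve, `gpg --auto-key-locate clear,wkd --locate-keys you@example.org` on a fresh keyring shows what other people's clients will pick up, which is the moment to make sure you can actually decrypt with that key.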
> ...when you receive a casual encrypted mail and you're not able to read it (my private keys are air-gapped...
Could you elaborate on why you put your public key in well-known and also how (and for what purposes) you use your air-gapped private key? As an average user, I’ve always been worried about private keys being stolen or lost.
I'm trying to get my public key available to others by more reliable sources than the traditional PKS, mostly because I'm signing git commits and Linux packages. I've an encryption key as well that I use to encrypt server backups, but I'm not expecting it to be used much for emails (actually, every single email I've received with sensible information was /not/ encrypted — people just don't understand / care).
Not all my private keys are air-gapped, but the encryption key is, since I don't need to decrypt my backups, and don't expect to receive encrypted email very often, so why take the risk? I have an old laptop which is not connected to any network and that I only use for this now: I plug in the USB key with the private key, decrypt / sign whatever I need to, and that's all. It takes me a lot of time, but I don't do that more than a few times every year.