hkps port

David Shaw dshaw at
Thu Apr 2 13:26:27 CEST 2009

On Apr 2, 2009, at 5:33 AM, Werner Koch wrote:

> On Thu,  2 Apr 2009 04:51, dshaw at said:
>> After some pondering about the proper port for hkps, I think that 443
>> makes the most sense (in other words, use the same port number as
>> https).  The reality is that there was never a particular reason why
>> regular hkp needed to be on port 11371.  The protocol is really http,
> That is true for HTTP but not for HTTPS.  Using 443 for hkps usually
> requires the use of a separate IP address - something I really like to
> avoid.  Another port also allows the use of a different server
> certificate.

I know.  It's a messy situation, and there is no really good answer  
for all the problems.  Some sites can *only* connect over 443 because  
of firewalling rules.  I'm rather liking Phil's SRV suggestion at the  
moment.  If nothing else, it lets server operators pick what they want  
for whatever internal reasons they want (firewall support, certificate  
issues, IP issues), and just tell the client where to find things.


