keyserver scheme http broken?

Bernhard Reiter bernhard at
Thu Nov 12 21:19:41 CET 2009


On Thursday 12 November 2009, David Shaw wrote:
> On Nov 12, 2009, at 12:24 PM, Bernhard Reiter wrote:
> > I might miss something here, but for me on gnupg 2.0.13 (and 2.0.11)
> > retrieving keys via the "http://" scheme seems to be broken.
> >
> > (Also it seem that --search-keys does not work with "http", although
> > a lot of
> > people claim that "http" is just "hkp" over port 80. )
> That is not correct.
> hkp is basically a convention for a keyserver that runs over HTTP on a
> different port (11371).  If you want hkp on port 80, you'd do "hkp://
>".  The hkp protocol specifies how keys are to
> be searched for a retrieved, using HTTP as the transport.
> That's hkp. 

thanks for the clarification, as I've hinted upon, I believe this is 
underdocumented somehow. 

> There isn't really a *http* keyserver (in the sense of
> being a database of many keys that can be queried).  If you specify a
> http URL with the --keyserver command, you're really describing a the
> path to a particular file to fetch.  It's not really indended for that
> use, and you can't --search-keys or --recv-keys a web server. at least is confusing
on this part (and I think Werner read over it as well). It makes the reader
believer that and
could be viable "keyserver" for use with --keyserver.
We (as in the Gpg4win Team, especially Emanuel) must change that. did not put that idea to rest, neither did
the --keyserver section of gpg.texi. Na, now I know. The different port can be 
a problem for enterprise firewalls, though.


Managing Director - Owner:       (Free Software Company)
Deputy Germany Coordinator: Coordinator:
Intevation GmbH, Neuer Graben 17, Osnabrück, DE; AG Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20091112/4307f5b3/attachment.pgp>

More information about the Gnupg-devel mailing list