Keyserver/security bug 1447 (and 1446 too)

Phil Pennock gnupg-devel at
Tue Dec 4 10:21:13 CET 2012

On 2012-12-04 at 07:43 +0100, Werner Koch wrote:
> If you want me to delegate to another pool operator
> group, please let me know.

If you want to get out of the issue entirely, I recommend taking a look
at <> and picking one to
CNAME to.  I suggest "".

My estimate of the attitude of the SKS keyserver operators is that there
is no contention in stating that Kristian's keyserver DNS pools are a de
facto standard.  The only other pools in operation that I even know of
are run by me, and they deliberately have obnoxiously long names to
discourage public use.

If you want to avoid tying into SKS and want to maintain closer control
than a CNAME, then the code I use (written in Go) is at
<> and includes the DNS creation
script in contrib/.  It only examines SKS, but if you want to handle
more than that then it's a reasonable starting point.

