Keyservers and GDPR

Werner Koch wk at
Wed May 29 08:56:10 CEST 2019

On Sun, 26 May 2019 22:39, gnupg-devel at said:

> With the various problems of SKS today, I tentatively suggest that not
> defaulting to the HKPS pool and choosing a different target for the
> CNAME might be beneficial.

FWIW, is since gnupg 2.2.7 not a CNAME name but aliased
by dirmngr in this way:

  hkps://       -> hkps://      ->
  hkp://        -> hkp://       ->
  hkps://  -> hkps:// ->
  hkp://   -> hkp://  ->              -> hkps://         -> hkps://

This was needed to avoid problems with server name matching.  Thus we
can't change that easily.  Anyway, it is suggested that the default
keyserver is used which is  hkps://  To
change this the keyserver option in dirmngr.conf needs to be used.

> suspect that >> << is likely to be the
> best choice for GnuPG; the meaning of "subset" changes over time,

I am pretty sure that changing to this as the default will raise a lot
of concerns from the folks who want to eliminate the use of the string



Thoughts are free.  Exceptions are regulated by a federal law.

More information about the Gnupg-devel mailing list