recommendation for key servers

Werner Koch wk at
Tue Jun 29 19:27:17 CEST 2021

On Sun, 27 Jun 2021 13:20, Tobias Wendorff said:

> So maybe sign the contenting process using the private key in future?

Casey Marshall wrote in the Hockeypuck 2.1 announcement [1]:

  - Authenticated key management. This adds a couple of extra endpoints
    which allow a key owner to replace and delete their key,
    authenticated by signing the armored key in the request. This allows
    a key owner to still update their own key once it has been inflated
    beyond the key length limit.

  Blacklists and auth key management may also be of interest to keyserver
  operators subject to GDPR-related requests.

However there was not much followup on this.  If there is something in
GnuPG we can do to support these features, we should do that sooner than

In the meantime I will release 2.2.29 with the default keyserver changed
from the sks pool to the Ubuntu keyserver.  I considered to use the
classic server but that one would again require a
dedicated certificate which does not seem to be appropriate for
intermediate change of the default.  I also considered several other
Hockeypuck servers but most of them return garbled OpenPGP keyblocks
which can't be used by GnuPG.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <>

More information about the Gnupg-devel mailing list