recommendation for key servers
Werner Koch
wk at gnupg.org
Tue Jun 29 19:27:17 CEST 2021
On Sun, 27 Jun 2021 13:20, Tobias Wendorff said:
> So maybe sign the contenting process using the private key in future?
Casey Marshall wrote in the Hockeypuck 2.1 announcement [1]:
- Authenticated key management. This adds a couple of extra endpoints
which allow a key owner to replace and delete their key,
authenticated by signing the armored key in the request. This allows
a key owner to still update their own key once it has been inflated
beyond the key length limit.
Blacklists and auth key management may also be of interest to keyserver
operators subject to GDPR-related requests.
However there was not much followup on this. If there is something in
GnuPG we can do to support these features, we should do that sooner than
later.
In the meantime I will release 2.2.29 with the default keyserver changed
from the sks pool to the Ubuntu keyserver. I considered to use the
classic pgp.surfnet.nl server but that one would again require a
dedicated certificate which does not seem to be appropriate for
intermediate change of the default. I also considered several other
Hockeypuck servers but most of them return garbled OpenPGP keyblocks
which can't be used by GnuPG.
Shalom-Salam,
Werner
[1]
https://lists.gnupg.org/pipermail/gnupg-users/2020-December/064434.html
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20210629/76062ae8/attachment.sig>
More information about the Gnupg-devel
mailing list