John A. Wallace
jw72253 at verizon.net
Sat Nov 19 05:09:02 CET 2011
> -----Original Message-----
> From: John A. Wallace [mailto:jw72253 at verizon.net]
> Sent: Friday, November 18, 2011 9:08 PM
> To: 'gnupg-users at gnupg.org'
> Subject: keys.gnupg.net
> Hello. In my web browser I am looking at the url of keys.gnupg.net,
> which has the following title on top of its page: SKS OpenPGP
> Keyserver at zimmermann.mayfirst.org. This site allows me to check or
> submit public keys. On that page there are some instructions in a
> section called "Access", and it states:
> To use this server directly via HKP add this to your .PGP keyserver
> For users of GnuPG, add the following to ~/.gnupg/gpg.conf:
> keyserver hkp://zimmermann.mayfirst.org
> Now when I went to look at the site noted above (i.e.,
> http://zimmermann.mayfirst.org), it appears to be exactly the same as
> the first page, the one with a url of "keys.gnupg.net". So, is this an
> officialy sanctioned site by gnupg, one which is simply redirected?
> Secondly, regarding the instructions, already in my gpg.conf file I
> have this line: "keyserver hkp://keys.gnupg.net"; so, would there be
> any point in changing it?
> More importantly, in the same instructions it states this:
> "This server is also available secured by TLS (via hkps).... You
> can use HKPS by dropping the May First/People Link Certificate
> Authority's certificate into ~/.gnupg/mfpl.crt, and then adding the
> following lines to ~/.gnupg/gpg.conf:
> keyserver hkps://zimmermann.mayfirst.org
> keyserver-options ca-cert-file=/home/YOURNAME/.gnupg/mfpl.crt"
> Therefore, if this is in fact an officially sanctioned site, I should
> prefer to have this latter option for use as it supports encrypted key
> transfer processes. I am assuming that there should be only one entry
> for the "keyserver" name option although the online instructions do not
> explicitly state so? Thanks.
In addition, it seems to imply to me from the instructions online at
ions.html, that I could in fact use more than one "keyserver 'name'" option
in my 'gpg.conf' file; and that I could use different options for different
keyservers. At least that is how I understand these instructions:
" After the keyserver name, optional keyserver configuration options may be
provided. These are the same as the global --keyserver-options from below,
but apply only to this particular keyserver."
Or is this instruction referring only to different options for different
"types" (e.g., hkp, ldap or mailto) of keyservers? I mean, if I am
interpreting it right, I could, theoretically, use these lines in gpg.conf:
keyserver hkps://zimmermann.mayfirst.org ca-cert-file=<path to
More information about the Gnupg-users