Questions about OpenPGP best practices

Peter Loshin peter.loshin at gmail.com
Mon Feb 25 23:54:34 CET 2013


Many thanks to Daniel Kahn Gillmor for pointing to the best practices
page (https://we.riseup.net/riseuplabs+paow/openpgp-best-practices);
this information is very helpful.

Some questions about the information on this page:

1. "Don't use pgp.mit.edu". Which keyserver *should* be used? I assume
that a pool is better than a particular server; is there one
particular pool that is preferred? What about
http://pool.sks-keyservers.net/?

2. On keeping an encrypted backup of my secret key material, what
method is recommended for doing that? (Presumably something like "gpg
--export-secret-keys | gpg --output secretkeymatter.gpg --symmetric"?)

3. On using a keyserver with HKPS support: when I attempt to connect
(via Chrome) to https://sks-keyservers.net/, I get an error headlined
"The site's security certificate is not trusted!", stating "the
server presented a certificate issued by an entity that is not trusted
by your computer's operating system."

4. When I try to use hkps://sks-keyservers.net with GnuPG at the
command line, I get these messages:

gpgkeys: HTTP post error 1: unsupported protocol
gpg: keyserver internal error
gpg: keyserver send failed: Keyserver error

And when I try the same with the domain name only (sks-keyservers.net)
I get these messages:

: can't connect to `sks-keyservers.net': No route to host
gpgkeys: HTTP post error 7: couldn't connect: No route to host
gpg: keyserver internal error
gpg: keyserver send failed: Keyserver error

My question would be, am I doing something wrong or is the service unavailable?


Thank you!
Peter



--
==============
Peter Loshin
617/549-4514
==============


