Unecrypted download of public keys

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Feb 4 23:27:54 CET 2017

On Sat 2017-02-04 15:14:50 -0500, sivmu wrote:
> I suppose this config did not change after upgrading from 2.1.17.
> Just tested it on 2.1.18 using arch and it still uses http on my setup.

it's not a config change -- it's a defaults change.

in the old arrangement, if you didn't specify a keyserver, you couldn't
get anything at all, so many people put some keyserver in their
configuration manually.

if you have a "keyserver" listed in your config manually, then you are
*overriding* the default.  And yes, if you list foo.example.com, it will
connect to that server in the clear (just as if you put
hkps://foo.example.com then it would connect using TLS).

Did you try this with no explicit "keyserver" directive?

> But this would be rather an issue with the distro, correct?

It may be an issue with your distro, i don't know how arch has packaged

all the best,

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: </pipermail/attachments/20170204/a54061d7/attachment.sig>

More information about the Gnupg-users mailing list