Unecrypted download of public keys
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sat Feb 4 23:27:54 CET 2017
On Sat 2017-02-04 15:14:50 -0500, sivmu wrote:
> I suppose this config did not change after upgrading from 2.1.17.
> Just tested it on 2.1.18 using arch and it still uses http on my setup.
it's not a config change -- it's a defaults change.
in the old arrangement, if you didn't specify a keyserver, you couldn't
get anything at all, so many people put some keyserver in their
configuration manually.
if you have a "keyserver" listed in your config manually, then you are
*overriding* the default. And yes, if you list foo.example.com, it will
connect to that server in the clear (just as if you put
hkps://foo.example.com then it would connect using TLS).
Did you try this with no explicit "keyserver" directive?
> But this would be rather an issue with the distro, correct?
It may be an issue with your distro, i don't know how arch has packaged
2.1.18.
all the best,
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: </pipermail/attachments/20170204/a54061d7/attachment.sig>
More information about the Gnupg-users
mailing list