Download of public keys

sivmu at web.de
Fri Feb 17 21:46:21 CET 2017


On 17.02.2017 at 20:43, Kristian Fiskerstrand wrote:
> On 02/17/2017 07:17 PM, Kristian Fiskerstrand wrote:
>> On 02/17/2017 07:00 PM, sivmu at web.de wrote:
>>> keyserver hkps://jirk5u4osbsr34t5.onion
>>> keyserver hkps://keys.gnupg.net
>>>
>>> would solve this I guess.
>>
>> No, that'd result in certificate errors and non-responsive servers
>>
>
> That said, you are indeed correct, and skel file is used to create
> dirmngr.conf on other systems as well (it has been a while since
> starting with a fresh homedir :) ) ... if wanting hkps the latter should
> be switched to hkps://hkps.pool.sks-keyservers.net, the former is
> protected already as tor usage would be to an endpoint running a tor
> hidden service.
>
> That change would also be consistent with
> https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=8fb482252436b3b4b0b33663d95d1d17188ad1d9
>

Not quite sure I get this.

So what this means is that effectively gnupg still uses plaintext connections to update public keys by default, does it not?
If the change I suggested is not correct, shouldn't we find another way to use a secure connection by default whenever possible?

As it is now, the default fallback mentioned in the referenced commit never takes effect as long as the skel file is used.
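
As an added example (not part of the original message and not GnuPG's own code), the following audit classifies each `keyserver` line of a dirmngr.conf by the transport protection discussed in this thread: TLS via hkps, a Tor hidden service endpoint, or plaintext. The sample config is constructed, and the names `classify` and `audit` are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample config; host names are the ones mentioned in the thread.
SAMPLE_CONF = """\
# dirmngr.conf (constructed sample)
keyserver hkp://jirk5u4osbsr34t5.onion
keyserver hkp://keys.gnupg.net
#keyserver hkps://hkps.pool.sks-keyservers.net
keyserver hkps://hkps.pool.sks-keyservers.net
"""

TLS_SCHEMES = {"hkps", "https", "ldaps"}
PLAIN_SCHEMES = {"hkp", "http", "ldap"}


def classify(uri):
    """Return 'tor', 'tls', 'plaintext' or 'unknown' for a keyserver URI."""
    parts = urlsplit(uri)
    host = parts.hostname or ""
    # As the quoted reply notes, a .onion endpoint is already protected by Tor.
    if host.endswith(".onion"):
        return "tor"
    if parts.scheme in TLS_SCHEMES:
        return "tls"
    if parts.scheme in PLAIN_SCHEMES:
        return "plaintext"
    # No scheme or an unrecognised one: report it instead of guessing.
    return "unknown"


def audit(conf_text):
    """Return (line number, URI, verdict) for every active keyserver line."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and commented-out options
        fields = line.split(None, 1)
        if fields[0] == "keyserver" and len(fields) == 2:
            uri = fields[1].strip()
            findings.append((lineno, uri, classify(uri)))
    return findings


if __name__ == "__main__":
    for lineno, uri, verdict in audit(SAMPLE_CONF):
        print(f"line {lineno}: {uri} -> {verdict}")
```
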


