keys.gnupg.net is blocked by Palo Alto Wildfire

Tim Perkins tim.perkins at nwea.org
Fri Aug 10 02:20:49 CEST 2018


Not sure if this is the right place to send this, but I figured I’d start here since keys.gnupg.net seems to be hardcoded as a default in the source code for GnuPG.

The company I work for leverages Palo Alto products for security, and we recently observed that keys.gnupg.net was not resolving properly. After digging into it, we discovered that Palo Alto is flagging keys.gnupg.net as a Malware site.

I’ve gone ahead and submitted a request for them to reclassify it as a non-malicious “Computer and Internet Info,” but that doesn’t exactly answer _why_ it was flagged. And it looks like they may have just changed it while I was in the process of writing this email (can be checked at https://urlfiltering.paloaltonetworks.com/query/ ).

I did observe that at least one of the pool members seems to not be configured properly (if I do a ‘curl -k -H 'Host: http-keys.gnupg.net' https://37.191.226.104’ it displays a busted Matomo page).

And I’m left wondering if one of the pool members was serving up something that caused Palo Alto to flag keys.gnupg.net.

Oddly enough, neither hkps.pool.sks-keyservers.net nor sks-keyserver.net was blocked.

--Tim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180810/fc63f48b/attachment.html>


More information about the Gnupg-users mailing list