New keyserver at - what's your take?

Andrew Gallagher andrewg at
Wed Jul 3 10:17:51 CEST 2019

On 03/07/2019 05:46, Phil Pennock via Gnupg-users wrote:
> Beware: the HKP schema of paths is used with the keyserver in that
> field, in GnuPG at least.

OK, but what's the failure mode? If it's graceful, then we haven't lost
much. So long as key updates fall back to a keyserver somewhere it
should be transparent.

This does of course need thorough testing, as not all clients will have
the same failure modes.

> Using http:/https: didn't help, HKP was still used.

Yes, from my reading this is expected behaviour. It would be relatively
straightforward to create a server-side alias for the HKP URL, depending
on what else is deployed at that location.

> I got around it later by specifying a `finger:` URL.  :)
> It's been 30-40 years since folks last revamped the conventions on top
> of finger.  That one is safe.

I didn't even know it supported finger URLs - handy to know! Opening a
finger port may be a step too far for the security-conscious though...

Andrew Gallagher

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Gnupg-users mailing list