New keyserver at keys.openpgp.org - what's your take?
Andrew Gallagher
andrewg at andrewg.com
Wed Jul 3 10:17:51 CEST 2019
On 03/07/2019 05:46, Phil Pennock via Gnupg-users wrote:
> Beware: the HKP schema of paths is used with the keyserver in that
> field, in GnuPG at least.
OK, but what's the failure mode? If it's graceful, then we haven't lost
much. So long as key updates fall back to a keyserver somewhere it
should be transparent.
This does of course need thorough testing, as not all clients will have
the same failure modes.
> Using http:/https: didn't help, HKP was still used.
Yes, from my reading this is expected behaviour. It would be relatively
straightforward to create a server-side alias for the HKP URL, depending
on what else is deployed at that location.
> I got around it later by specifying a `finger:` URL. :)
> It's been 30-40 years since folks last revamped the conventions on top
> of finger. That one is safe.
I didn't even know it supported finger URLs - handy to know! Opening a
finger port may be a step too far for the security-conscious though...
--
Andrew Gallagher
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190703/9a34d499/attachment.sig>
More information about the Gnupg-users
mailing list