New keyserver at keys.openpgp.org - what's your take?
andrewg at andrewg.com
Wed Jul 3 10:17:51 CEST 2019
On 03/07/2019 05:46, Phil Pennock via Gnupg-users wrote:
> Beware: the HKP schema of paths is used with the keyserver in that
> field, in GnuPG at least.
OK, but what's the failure mode? If it's graceful, then we haven't lost
much. So long as key updates fall back to a keyserver somewhere it
should be transparent.
This does of course need thorough testing, as not all clients will have
the same failure modes.
> Using http:/https: didn't help, HKP was still used.
Yes, from my reading this is expected behaviour. It would be relatively
straightforward to create a server-side alias for the HKP URL, depending
on what else is deployed at that location.
> I got around it later by specifying a `finger:` URL. :)
> It's been 30-40 years since folks last revamped the conventions on top
> of finger. That one is safe.
I didn't even know it supported finger URLs - handy to know! Opening a
finger port may be a step too far for the security-conscious though...
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users