On Sun, 26 May 2019 22:39, gnupg-de...@spodhuis.org said: > With the various problems of SKS today, I tentatively suggest that not > defaulting to the HKPS pool and choosing a different target for the > keys.gnupg.net CNAME might be beneficial.
FWIW, keys.gnupg.net is since gnupg 2.2.7 not a CNAME name but aliased by dirmngr in this way: hkps://keys.gnupg.net -> hkps://hkps.pool.sks-keyservers.net https://keys.gnupg.net -> https://hkps.pool.sks-keyservers.net hkp://keys.gnupg.net -> hkp://hkps.pool.sks-keyservers.net http://keys.gnupg.net -> http://hkps.pool.sks-keyservers.net hkps://http-keys.gnupg.net -> hkps://ha.pool.sks-keyservers.net https://http-keys.gnupg.net -> https://ha.pool.sks-keyservers.net hkp://http-keys.gnupg.net -> hkp://ha.pool.sks-keyservers.net http://http-keys.gnupg.net -> http://ha.pool.sks-keyservers.net keys.gnupg.net -> hkps://hkps.pool.sks-keyservers.net http-keys.gnupg.net -> hkps://ha.pool.sks-keyservers.net this was needed to void problems with server name matching. Thus we can't change that easily. Anyway, it is suggested tha the default keyserver is used which is hkps://hkps.pool.sks-keyservers.net To change this the keyserver option in dirmngr.conf needs to be used. > suspect that >> subset.pool.sks-keyservers.net << is likely to be the > best choice for GnuPG; the meaning of "subset" changes over time, I am pretty sure that changing to this as the default will raise a lot of concerns from the folks who want to elimiated the use of the string "http://". Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
signature.asc
Description: PGP signature
_______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel