On Sun, 26 May 2019 22:39, gnupg-de...@spodhuis.org said:

> With the various problems of SKS today, I tentatively suggest that not
> defaulting to the HKPS pool and choosing a different target for the
> keys.gnupg.net CNAME might be beneficial.

FWIW, keys.gnupg.net is since gnupg 2.2.7 not a CNAME name but aliased
by dirmngr in this way:

  hkps://keys.gnupg.net       -> hkps://hkps.pool.sks-keyservers.net
  https://keys.gnupg.net      -> https://hkps.pool.sks-keyservers.net
  hkp://keys.gnupg.net        -> hkp://hkps.pool.sks-keyservers.net
  http://keys.gnupg.net       -> http://hkps.pool.sks-keyservers.net
  hkps://http-keys.gnupg.net  -> hkps://ha.pool.sks-keyservers.net
  https://http-keys.gnupg.net -> https://ha.pool.sks-keyservers.net
  hkp://http-keys.gnupg.net   -> hkp://ha.pool.sks-keyservers.net
  http://http-keys.gnupg.net  -> http://ha.pool.sks-keyservers.net

  keys.gnupg.net              -> hkps://hkps.pool.sks-keyservers.net
  http-keys.gnupg.net         -> hkps://ha.pool.sks-keyservers.net

this was needed to void problems with server name matching.  Thus we
can't change that easily.  Anyway, it is suggested tha the default
keyserver is used which is  hkps://hkps.pool.sks-keyservers.net  To
change this the keyserver option in dirmngr.conf needs to be used.

> suspect that >> subset.pool.sks-keyservers.net << is likely to be the
> best choice for GnuPG; the meaning of "subset" changes over time,

I am pretty sure that changing to this as the default will raise a lot
of concerns from the folks who want to elimiated the use of the string
"http://";.



Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Reply via email to