Keyservers and GDPR
Werner Koch
wk at gnupg.org
Wed May 29 08:56:10 CEST 2019
On Sun, 26 May 2019 22:39, gnupg-devel at spodhuis.org said:
> With the various problems of SKS today, I tentatively suggest that not
> defaulting to the HKPS pool and choosing a different target for the
> keys.gnupg.net CNAME might be beneficial.
FWIW, since gnupg 2.2.7 keys.gnupg.net is not a CNAME name but is aliased
by dirmngr in this way:

  hkps://keys.gnupg.net       -> hkps://hkps.pool.sks-keyservers.net
  https://keys.gnupg.net      -> https://hkps.pool.sks-keyservers.net
  hkp://keys.gnupg.net        -> hkp://hkps.pool.sks-keyservers.net
  http://keys.gnupg.net       -> http://hkps.pool.sks-keyservers.net
  hkps://http-keys.gnupg.net  -> hkps://ha.pool.sks-keyservers.net
  https://http-keys.gnupg.net -> https://ha.pool.sks-keyservers.net
  hkp://http-keys.gnupg.net   -> hkp://ha.pool.sks-keyservers.net
  http://http-keys.gnupg.net  -> http://ha.pool.sks-keyservers.net
  keys.gnupg.net              -> hkps://hkps.pool.sks-keyservers.net
  http-keys.gnupg.net         -> hkps://ha.pool.sks-keyservers.net

This was needed to avoid problems with server name matching. Thus we
can't change that easily. Anyway, it is suggested that the default
keyserver is used, which is hkps://hkps.pool.sks-keyservers.net. To
change this, the keyserver option in dirmngr.conf needs to be used.
> suspect that >> subset.pool.sks-keyservers.net << is likely to be the
> best choice for GnuPG; the meaning of "subset" changes over time,
I am pretty sure that changing to this as the default will raise a lot
of concerns from the folks who want to eliminate the use of the string
"http://".
Shalom-Salam,
Werner
--
Thoughts are free. Exceptions are governed by a federal law.