keys.gnupg.net

John A. Wallace jw72253 at verizon.net
Sat Nov 19 05:09:02 CET 2011


> -----Original Message-----
> From: John A. Wallace [mailto:jw72253 at verizon.net]
> Sent: Friday, November 18, 2011 9:08 PM
> To: 'gnupg-users at gnupg.org'
> Subject: keys.gnupg.net
> 
> Hello.  In my web browser I am looking at the url of keys.gnupg.net,
> which has the following title on top of its page: SKS OpenPGP
> Keyserver at zimmermann.mayfirst.org. This site allows me to check or
> submit public keys.  On that page there are some instructions in a
> section called "Access", and it states:
> 
> To use this server directly via HKP add this to your .PGP keyserver
> list:
> 
> 	x-hkp://zimmermann.mayfirst.org
> 	http://zimmermann.mayfirst.org:11371
> 
> 	For users of GnuPG, add the following to ~/.gnupg/gpg.conf:
> 
> 	keyserver hkp://zimmermann.mayfirst.org
> 
> 
> Now when I went to look at the site noted above (i.e.,
> http://zimmermann.mayfirst.org), it appears to be exactly the same as
> the first page, the one with a url of "keys.gnupg.net".  So, is this an
> officially sanctioned site by gnupg, one which is simply redirected?
> 
> Secondly, regarding the instructions, already in my gpg.conf file I
> have this line: "keyserver hkp://keys.gnupg.net"; so, would there be
> any point in changing it?
> 
> More importantly, in the same instructions it states this:
> 
> 	"This server is also available secured by TLS (via hkps).... You
> can use HKPS by dropping the May First/People Link Certificate
> Authority's certificate into ~/.gnupg/mfpl.crt, and then adding the
> following lines to ~/.gnupg/gpg.conf:
> 
> 	keyserver hkps://zimmermann.mayfirst.org
> 	keyserver-options ca-cert-file=/home/YOURNAME/.gnupg/mfpl.crt"
> 
> Therefore, if this is in fact an officially sanctioned site, I should
> prefer to have this latter option for use as it supports encrypted key
> transfer processes.  I am assuming that there should be only one entry
> for the "keyserver" name option although the online instructions do not
> explicitly state so? Thanks.
> 
> John
 
In addition, it seems to imply to me from the instructions online at
http://www.gnupg.org/documentation/manuals/gnupg-devel/GPG-Configuration-Options.html,
that I could in fact use more than one "keyserver 'name'" option
in my 'gpg.conf' file; and that I could use different options for different
keyservers.  At least that is how I understand these instructions:

" After the keyserver name, optional keyserver configuration options may be
provided. These are the same as the global --keyserver-options from below,
but apply only to this particular keyserver."

Or is this instruction referring only to different options for different
"types" (e.g., hkp, ldap or mailto) of keyservers? I mean, if I am
interpreting it right, I could, theoretically, use these lines in gpg.conf:

keyserver hkp://keys.gnupg.net
keyserver hkps://zimmermann.mayfirst.org ca-cert-file=<path to gnupghome>\mfpl.crt
keyserver-options verbose

Thanks.

John



