New keyserver at keys.openpgp.org - what's your take?
Phil Pennock
gnupg-users at spodhuis.org
Wed Jul 3 06:46:49 CEST 2019
On 2019-07-02 at 11:56 +0200, Wiktor Kwapisiewicz via Gnupg-users wrote:
> On 01.07.2019 14:36, Andrew Gallagher wrote:
> > OpenPGP already has the "keyserver" field which is rarely used. It is
> > supposedly a hint to clients to tell them to prefer a particular
> > keyserver, but it could also be used as a hint to the keyservers
> > themselves, to tell them where the master copy of any public key can be
> > sourced.
>
> This sounds like a really good idea.
>
> This way only one place would have to be updated by the user and keyservers
> would automatically refresh key data themselves.
Beware: the HKP schema of paths is used with the keyserver in that
field, in GnuPG at least.
I can't find the logbooks I'd have kept "somewhere" of my experimenting
at the time, but key 0xACBB4324393ADE3515DA2DDA4D1E900E14C1CC04 in the
first self-sig I see from 2013, includes:
hashed subpkt 24 len 33 (preferred keyserver: hkp://ha.pool.sks-keyservers.net/)
and my recollection is that I had tried various alternatives, to point
to a fixed URL where the key was guaranteed to live, but it insisted on
the /pks/ layout, so I gave up and went with HKP, at least pointing
folks towards what at the time was the more reliable option, the HA
pool. Using http:/https: didn't help, HKP was still used.
I got around it later by specifying a `finger:` URL. :)
It's been 30-40 years since folks last revamped the conventions on top
of finger. That one is safe.
-Phil
More information about the Gnupg-users
mailing list