Am 17.02.2017 um 20:43 schrieb Kristian Fiskerstrand: > On 02/17/2017 07:17 PM, Kristian Fiskerstrand wrote: >> On 02/17/2017 07:00 PM, [email protected] wrote: >>> keyserver hkps://jirk5u4osbsr34t5.onion >>> keyserver hkps://keys.gnupg.net >>> >>> would solve this I guess. >> >> No, that'd result in certificate errors and non-responsive servers >> > > That said, you are indeed correct, and skel file is used to create > dirmngr.conf on other systems as well (it has been a while since > starting with a fresh homedir :) ) ... if wanting hkps the latter should > be switched to hkps://hkps.pool.sks-keyservers.net ,the former is > protected already as tor usage would be to an endpoint running a tor > hidden service. > > That change would also be consistent with > https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=8fb482252436b3b4b0b33663d95d1d17188ad1d9 >
Not quite sure I get this. So what this means is that effectively gnupg still uses plaintext connections to update public keys by default, does it not? If the change I suggested is not correct, shouldn't we find another way to use secure connection by default whenever possible? As it is now, the default fallback mentioned in the referenced commit never takes effect as long as the skel file is used. _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
