On Fri 2019-11-01 17:07:15 +0100, Hans-Christoph Steiner wrote: > I think I found the source of the issue, it seems that gpg ignores HTTP > Redirects:
rather, i think that dirmngr ignores some http redirection. I've opened https://gitlab.com/openpgp-wg/webkey-directory/issues/5 to try to get the spec to clarify when that is acceptable. In the meantime, if you're trying to use keys.openpgp.org for your WKD, you should be able to just CNAME openpgpkey.$domain to keys.openpgp.org, and it will Just Work™ (ccing Vincent here, who is responsible for this black magic). This uses the "advanced" URL of course, so it should take precedent over any "direct" URL. Whether such a CNAME is a good idea or not depends on what you expect from keys.openpgp.org, of course… Regards, --dkg