[pkg-gnupg-maint] Bug#923482: Bug#923482: Bug#923482: dirmngr HKPS fails due to poorly configured certificates on *.pool.sks-keyservers.net

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Mar 2 22:27:39 GMT 2019


Hi Jim--

On Fri 2019-03-01 18:01:52 -0500, Jim Popovitch wrote:
> Daniel, The problem (and I know this isn't Debian specific, but it does
> affect Debian users of dirmngr) is that the servers in
> hkps.pool.sks-keyservers.net exist in Europe, whereas ha.pool and na.pool have greater
> access. Ideally, in 2019, the totality of the pool servers should all
> have TLS support.  Debian should be spearheading this effort.

Debian isn't responsible for the sks pool, and a quick glance at
https://sks-keyservers.net/status/ suggests that not nearly enough SKS
servers in the pool support TLS to support the outcome you're aiming
for.

I sympathize with your goals -- I also want more hkps support available,
and would be happy to talk more about how we get there (or perhaps how
we replace the SKS keyserver pool with something different
entirely). But the Debian BTS is not the right place to move that
forward.  A better place for this conversation would be:

    SKS development list <sks-devel at nongnu.org>
    https://lists.nongnu.org/mailman/listinfo/sks-devel

Regards,

        --dkg