Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Feb 12 21:35:46 GMT 2020

On Fri 2019-11-01 17:07:15 +0100, Hans-Christoph Steiner wrote:
> I think I found the source of the issue, it seems that gpg ignores HTTP
> Redirects:

Rather, I think that dirmngr ignores some HTTP redirection.  I've
opened https://gitlab.com/openpgp-wg/webkey-directory/issues/5 to try to
get the spec to clarify when that is acceptable.

In the meantime, if you're trying to use keys.openpgp.org for your WKD,
you should be able to just CNAME openpgpkey.$domain to keys.openpgp.org,
and it will Just Work™ (ccing Vincent here, who is responsible for this
black magic).  This uses the "advanced" URL of course, so it should take
precedence over any "direct" URL.

Whether such a CNAME is a good idea or not depends on what you expect
from keys.openpgp.org, of course…
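
Added example, not part of the original message: a sketch of how a WKD client derives the "advanced" and "direct" URLs for an address and why the advanced one wins once openpgpkey.$domain exists (for instance as a CNAME). The function names and the `subdomain_resolves` callback (standing in for a DNS lookup) are hypothetical; the URL layout and the z-base-32 SHA-1 hash follow the Web Key Directory draft.

```python
import hashlib
from urllib.parse import quote

# z-base-32 alphabet, as used by WKD for the hashed local part
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32(data: bytes) -> str:
    """Encode bytes whose length is a multiple of 5 (a SHA-1 digest is 20)."""
    if len(data) % 5:
        raise ValueError("length must be a multiple of 5 bytes")
    n = int.from_bytes(data, "big")
    nchars = len(data) * 8 // 5
    # Emit 5-bit groups from the most significant end.
    return "".join(ZBASE32[(n >> (5 * i)) & 31] for i in reversed(range(nchars)))


def wkd_urls(email: str) -> dict:
    """Return the advanced and direct WKD URLs for an address."""
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an addr-spec: %r" % email)
    domain = domain.lower()
    # Only ASCII letters of the local part are lowercased before hashing;
    # bytes.lower() leaves non-ASCII bytes untouched.
    hu = zbase32(hashlib.sha1(local.encode("utf-8").lower()).digest())
    query = "?l=" + quote(local, safe="")  # original spelling, percent-escaped
    well_known = "/.well-known/openpgpkey"
    return {
        # Host is openpgpkey.$domain even when DNS CNAMEs it elsewhere, so the
        # serving side must present a certificate valid for that name.
        "advanced": f"https://openpgpkey.{domain}{well_known}/{domain}/hu/{hu}{query}",
        "direct": f"https://{domain}{well_known}/hu/{hu}{query}",
    }


def select_url(email: str, subdomain_resolves) -> str:
    """Advanced method first; direct only if the subdomain does not exist."""
    urls = wkd_urls(email)
    host = "openpgpkey." + email.rpartition("@")[2].lower()
    return urls["advanced"] if subdomain_resolves(host) else urls["direct"]


if __name__ == "__main__":
    # Constructed sample address; no network access is performed.
    for method, url in wkd_urls("Joe.Doe@Example.ORG").items():
        print(method, url)
```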



