When downloading a key from a keyserver with --recv-key it appears that gnupg
does not check that the keyid of the downloaded key matches the keyid of the
requested key. It would be nice to get a --stict mode (or even make that
default) that warns/refuses if the keyids are not matching.
If you agree with the general idea I can looking into providing a patch for this.