In gnupg before 2.1.0, gnupg would talk to the keyservers by invoking its
keyserver helper routines (e.g. /usr/lib/gnupg/gpgkeys_hkp). This meant that
other tools could provide alternate keyserver helpers for new transports. One
example of this was monkeysphere's /usr/lib/gnupg/gpgkeys_hkpms (hkp over TLS,
with the client certificate verified by the monkeysphere validation agent).
In 2.1.0, dirmngr takes over the network access, and doesn't appear to support
pluggable transports in this way.
This makes it so that I can't use an hkpms keyserver with dirmngr, afaict.
Is the plan to provide pluggable keyserver transports for dirmngr?
Failing that, would a patch be acceptable that performs monkeysphere-style
certificate verification for the TLS transport?