If a keyserver URI is specified with no scheme, gnupg defaults to using HKP on port 11371. Keyserver traffic is even more than other traffic something that shouldn't be plaintext, so I would welcome a change to default to HTTPS, requiring users who want to use a plaintext transport to be explicit about it.
Details
- Version: 2.2.13
Event Timeline
Hey there. I wanted to bring this up again, to see if we can perhaps get this changed after all:
- gnupg still defaults to sending keyserver lookups in plaintext (!) if hkps is not explicitly given
- keyservers are, as a matter of fact, still in active use by hundreds of thousands of people
- we still get significant traffic on port 11371 on keys.o.o, which we redirect to https
- 100% of that traffic is gnupg, presumably from users putting the domain without a protocol in their config, not a deliberate choice to use a plain text protocol
Thanks for considering
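
A check for the configuration mistake this report describes, added here as an example that is not part of the original thread or of GnuPG's code: it scans a gpg.conf or dirmngr.conf style file for `keyserver` lines and flags values with no scheme (which, per the report, fall back to HKP on port 11371) or with an explicit plaintext scheme. The host name and sample config are constructed, and the function names are hypothetical.

```python
import re

TLS_SCHEMES = {"hkps", "https"}
PLAINTEXT_SCHEMES = {"hkp", "http"}
SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*)://")

def classify_keyserver(value):
    """Classify one keyserver value by the transport its scheme implies."""
    m = SCHEME_RE.match(value)
    if m is None:
        # No scheme: per the report, gnupg falls back to HKP on port 11371.
        return "implicit-plaintext"
    scheme = m.group(1).lower()
    if scheme in TLS_SCHEMES:
        return "tls"
    if scheme in PLAINTEXT_SCHEMES:
        return "plaintext"
    return "other"  # e.g. ldap://; not assessed by this check

def audit_config(text):
    """Return (line number, value, classification) for each keyserver line."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        # Option names in config files have no leading dashes; strip any present.
        if len(parts) >= 2 and parts[0].lstrip("-") == "keyserver":
            findings.append((lineno, parts[1], classify_keyserver(parts[1])))
    return findings

def needs_fix(findings):
    """Keep only entries whose lookups would travel unencrypted."""
    return [f for f in findings if f[2] in ("plaintext", "implicit-plaintext")]

# Constructed sample config; the host name is a placeholder.
SAMPLE = """\
# dirmngr.conf (constructed)
keyserver keys.example.org
keyserver hkp://keys.example.org
keyserver hkps://keys.example.org
keyserver ldap://keys.example.org
"""

if __name__ == "__main__":
    for lineno, value, kind in needs_fix(audit_config(SAMPLE)):
        print(f"line {lineno}: {value} -> {kind}; use hkps://<host> instead")
```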