gabriel rosenkoetter on Sat, 5 Jul 2003 23:16:14 -0400

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] What keyserver to use?

On Sat, Jul 05, 2003 at 06:34:49PM +0000, John Beck wrote:
> My question is, if my key id is my email address, what information should I be
> putting in the <keyserver> field?

Your keyid isn't your email address, it's the last four bytes (eight
characters in hex representation) of your key's fingerprint. Your
email address works because GnuPG (and most other PGP
implementations) do a string search across the information in the
key when you give them a string.

I actually don't remember whether using your email address will work
for --send-key. I'm pretty sure it won't for --recv-key (because it
would put a ridiculous load on the keyserver to go do a pattern
match across all the data in its whole keyring).

On Sat, Jul 05, 2003 at 07:02:59PM -0400, Jeff Abrahamson wrote:
> You can put this in your ~/.gnupg/options file to avoid having to
> specify it each time.

Which is handy[1] in conjunction with keyserver-options auto-key-retrieve
because, if you're using an MUA like mutt that just makes a shell
call to gpg, it'll retrieve keys that show up on mailing lists but
aren't already on your public keyring.

Also, I think ~/.gnupg/options is deprecated; you might want to
switch that to gpg.conf. (It'll work the same way for now, but isn't
guaranteed to in the future, right David?)

>   keyserver
>   # Gabe R recommends:
>   #keyserver
> I will let Gabe remark on the difference between wwwkeys and subkeys.
> According to dig, sometimes they are the same host, sometimes not.

I'd strongly recommend switching. should be a
superset of That's a DNS round-robin for the
keyservers that don't mangle keys with various kinds of subkeys
attached to them (like say new subkeys after a given one has

Supporting the keyservers that have been too lazy to switch off the
broken version of pks they're using isn't helping the situation...

(That enough explanation?)

[1] Definiton 2 of "handy": security risk. Automatically downloading
things is almost always a bad idea. There's no more reason to assume
that gpg doesn't contain a buffer flow than there is to assume that
Microsoft Outlook doesn't. Now, gpg is probably a little bit more
careful with the data it retrieves from a keyserver... but still. Be
conscious of what you're having your software do for you.

gabriel rosenkoetter

Attachment: pgpD7KwggnV6i.pgp
Description: PGP signature