On Fri, 2019-03-01 at 15:24 -0500, Daniel Kahn Gillmor wrote:
> Hi Jim--
>
> On Thu 2019-02-28 14:51:07 -0500, Jim Popovitch wrote:
> > When a client uses HKPS keyservers dirmngr fails hard due to TLS
> > certificate validation errors:
>
> what pool are you using in particular? it looks to me like you're using
> "ha.pool.sks-keyservers.net"
>
> However, https://sks-keyservers.net/overview-of-pools.php#pool_ha
> suggests that there is no guarantee that servers in that pool all offer
> hkps. If you want hkps, you should use
> hkps://hkps.pool.sks-keyservers.net (conveniently, that happens to also
> be the default setting, which means it should be able to work with no
> keyserver setting in either ~/.gnupg/gpg.conf or ~/.gnupg/dirmngr.conf.

Daniel,

The problem (and I know this isn't Debian specific, but it does affect
Debian users of dirmngr) is that the servers in
hkps.pool.sks-keyservers.net exist in Europe, whereas ha.pool and na.pool
have greater access.

Ideally, in 2019, the totality of the pool servers should all have TLS
support. Debian should be spearheading this effort.

-Jim P.