Groups | Search | Server Info | Login | Register

Groups > linux.debian.security > #6490

Re: Keyserver for gpg.conf ?

Path csiph.com!weretis.net!feeder8.news.weretis.net!srl.newsdeef.eu!news.corradoroberto.it!gothmog.csi.it!bofh.it!news.nic.it!robomod
From Jeffrey Walton <noloader@gmail.com>
Newsgroups linux.debian.security
Subject Re: Keyserver for gpg.conf ?
Date Mon, 17 Nov 2025 17:00:02 +0100
Message-ID <LS9O2-dFgx-9@gated-at.bofh.it> (permalink)
References <LRkVb-d7Jl-5@gated-at.bofh.it>
X-Original-To Francesco Poli <invernomuto@paranoici.org>
X-Mailbox-Line From debian-security-request@lists.debian.org Mon Nov 17 15:49:56 2025
Old-Return-Path <noloader@gmail.com>
X-Amavis-Spam-Status No, score=-5.199 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, GOOGLESEARCH=2, LDO_WHITELIST=-5, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no autolearn_force=no
X-Policyd-Weight using cached result; rate: -5.5
X-Gm-Message-State AOJu0YxhsrjUxPqmJnuoJp2p10iM6WvsB7lfF2Q4kYwR7LSwwAD7RKHh pjcR/uZ+3C8diGNl8Nz6RYPOXyAAyV7gM6U0S59mkke2kOj8SbQGBEuZZYQT8J6Nf0e3YPs0aMz snIYSbECAnz4NyIcnWIzzYa0mhhnilrtgwbJw
X-Gm-Gg ASbGncswidnBAIIL1L4GH3LW5SDJ5wxfskBXdY2veZ1zVppfVMG14nylOLW/f6MlwwM iRuoZrMIIqtsOV7+MBmrGjO6yxydCknhejiPhQI3/gAdvoL4QkJl7cZEjvzZLkDLc3M0BpmP0F7 3C+o41NYfTmU9ZYwUOHbHA5rGFRyFYop33Ip2mUIUPtHKkPyTCvbY7gpKceN1GQPo81dVtYOxlh mwB9NAMHyVhvFHn3nwuue2KeEqQWiOwyhaSg09iWkKoLbXkwwB9T/BFgjVShfysG1XhF+QPwNK/ felp
X-Google-SMTP-Source AGHT+IEkDbXvLfbK8aO7Q7gsm8DU5xq0ioL6tJO1JeujcosBs6PBg8ySDGTQAJZGyG1WuOjrZ4oFq0eNo3gvU5WsR3U=
X-Received by 2002:a05:6512:8013:20b0:595:91dc:727c with SMTP id 2adb3069b0e04-59591dc7541mr1017806e87.35.1763394577640; Mon, 17 Nov 2025 07:49:37 -0800 (PST)
MIME-Version 1.0
Reply-To noloader@gmail.com
X-Gm-Features AWmQ_blXzeiShRzn1qgdIvSedvcIbBT0BDXWR0zDGP3rtIcWNoXzOQdbafQ9NLA
Content-Type text/plain; charset="UTF-8"
Content-Transfer-Encoding quoted-printable
X-Mailing-List <debian-security@lists.debian.org> archive/latest/29694
List-ID <debian-security.lists.debian.org>
List-URL <https://lists.debian.org/debian-security/>
List-Archive https://lists.debian.org/msgid-search/CAH8yC8nXaNU3Me0y9uRwRYEQ_anH7Gp6NLMhvWX0GHaLZbedWQ@mail.gmail.com
Approved robomod@news.nic.it
Lines 83
Organization linux.* mail to news gateway
Sender robomod@news.nic.it
X-Original-Cc Debian-security <debian-security@lists.debian.org>
X-Original-Date Mon, 17 Nov 2025 10:49:00 -0500
X-Original-Message-ID <CAH8yC8nXaNU3Me0y9uRwRYEQ_anH7Gp6NLMhvWX0GHaLZbedWQ@mail.gmail.com>
X-Original-References <20251115103427.4fc727b3c8f9d3cb2e2fd642@paranoici.org>
Xref csiph.com linux.debian.security:6490

Show key headers only | View raw

On Sat, Nov 15, 2025 at 8:10 AM Francesco Poli
<invernomuto@paranoici.org> wrote:
>
> Hello everyone!
>
> I had
>
>   keyserver hkps://pgp.surf.nl
>
> in my ~/.gnupg/gpg.conf , but I have been experiencing issues with it
> for the last few days, see the following excerpt from /var/log/syslog :
>
>   dirmngr[3569]: error accessing 'https://pgp.surf.nl:443/pks/lookup?op=get&options=mr&search=0x............': http status 503
>   dirmngr[3569]: selecting a different host due to a 503 (Service Unavailable)
>   dirmngr[3569]: error accessing 'https://pgp.surf.nl:443/pks/lookup?op=get&options=mr&search=0x............': http status 503
>   dirmngr[3569]: selecting a different host due to a 503 (Service Unavailable)
>   dirmngr[3569]: error accessing 'https://pgp.surf.nl:443/pks/lookup?op=get&options=mr&search=0x............': http status 503
>   dirmngr[3569]: selecting a different host due to a 503 (Service Unavailable)
>   dirmngr[3569]: error accessing 'https://pgp.surf.nl:443/pks/lookup?op=get&options=mr&search=0x............': http status 503
>   dirmngr[3569]: selecting a different host due to a 503 (Service Unavailable)
>   dirmngr[3569]: error accessing 'https://pgp.surf.nl:443/pks/lookup?op=get&options=mr&search=0x............': http status 503
>   dirmngr[3569]: selecting a different host due to a 503 (Service Unavailable)
>   dirmngr[3569]: error accessing 'https://pgp.surf.nl:443/pks/lookup?op=get&options=mr&search=0x............': http status 503
>   dirmngr[3569]: command 'KS_GET' failed: No data
>
>
> I tried to change keyserver.
> The Debian wiki key signing [page] suggests the following ones (beyond
> the Debian keyring one):
>
>  * https://keyserver.ubuntu.com (recommended)
>  * https://keys.openpgp.org/ (used by Thunderbird)
>  * https://pgp.surf.nl/
>  * https://pgp.mit.edu
>
> [page]: <https://wiki.debian.org/Keysigning>
>
> Among these, I only managed to make the following one work:
>
>   keyserver hkps://pgp.mit.edu

Daniel Kahn Gillmor (dkg) recommends using a constrained keyserver
like keys.openpgp.org if you want to check for certificate updates,
revocation, expiration, or subkey rollover.  If there's a problem with
OpenPGS's keyserver, then it might be a good idea to contact them.

Also note that newer OpenPGP servers can give older GnuPG clients
problems.  See <https://www.google.com/search?q=openpgp+gnupg+key+server+interoperability+issues>.

> But it seems to work unreliably, it worked for a couple of key
> refreshes, but now it's giving me:
>
>   dirmngr[4391]: host 'pgp.mit.edu' marked as dead
>   dirmngr[4391]: host 'pgp.mit.edu' marked as dead
>   dirmngr[4391]: host 'pgp.mit.edu' marked as dead
>   dirmngr[4391]: host 'pgp.mit.edu' marked as dead
>   dirmngr[4391]: host 'pgp.mit.edu' marked as dead
>   dirmngr[4391]: host 'pgp.mit.edu' marked as dead
>   dirmngr[4391]: host 'pgp.mit.edu' marked as dead
>   dirmngr[4391]: host 'pgp.mit.edu' marked as dead
>   dirmngr[4391]: command 'KS_GET' failed: No keyserver available
>   dirmngr[4391]: host 'pgp.mit.edu' marked as dead
>   dirmngr[4391]: command 'KS_GET' failed: No keyserver available
>
> Which keyserver do you currently use/recommend ?
>
> Thanks for any help you may provide!
>
> P.S.: please Cc me on replies, I am not subscribed to the list.

Jeff

Back to linux.debian.security | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Keyserver for gpg.conf ? Francesco Poli <invernomuto@paranoici.org> - 2025-11-15 10:40 +0100
  Re: Keyserver for gpg.conf ? Gunnar Wolf <gwolf@debian.org> - 2025-11-15 19:10 +0100
    Re: Keyserver for gpg.conf ? Holger Levsen <holger@layer-acht.org> - 2025-11-15 21:50 +0100
      Re: Keyserver for gpg.conf ? debianmailinglists.hz5zm@simplelogin.com - 2025-11-16 04:10 +0100
        Re: Keyserver for gpg.conf ? Gunnar Wolf <gwolf@debian.org> - 2025-11-16 17:10 +0100
        Re: Keyserver for gpg.conf ? Jeremy Stanley <fungi@yuggoth.org> - 2025-11-17 16:30 +0100
          Re: Keyserver for gpg.conf ? Jeffrey Walton <noloader@gmail.com> - 2025-11-17 16:40 +0100
      Re: Keyserver for gpg.conf ? Gunnar Wolf <gwolf@debian.org> - 2025-11-16 17:10 +0100
    Re: Keyserver for gpg.conf ? Francesco Poli <invernomuto@paranoici.org> - 2025-11-16 13:40 +0100
      Re: Keyserver for gpg.conf ? Gunnar Wolf <gwolf@debian.org> - 2025-11-16 17:10 +0100
  Re: Keyserver for gpg.conf ? Jeffrey Walton <noloader@gmail.com> - 2025-11-17 17:00 +0100
    Re: Keyserver for gpg.conf ? Francesco Poli <invernomuto@paranoici.org> - 2025-11-17 18:40 +0100
      Re: Keyserver for gpg.conf ? Jeremy Stanley <fungi@yuggoth.org> - 2025-11-17 18:50 +0100
      Re: Keyserver for gpg.conf ? debianmailinglists.hz5zm@simplelogin.com - 2025-11-18 01:50 +0100

csiph-web