Path: csiph.com!weretis.net!feeder8.news.weretis.net!srl.newsdeef.eu!news.corradoroberto.it!gothmog.csi.it!bofh.it!news.nic.it!robomod From: Jeffrey Walton Newsgroups: linux.debian.security Subject: Re: Keyserver for gpg.conf ? Date: Mon, 17 Nov 2025 17:00:02 +0100 Message-ID: References: X-Original-To: Francesco Poli X-Mailbox-Line: From debian-security-request@lists.debian.org Mon Nov 17 15:49:56 2025 Old-Return-Path: X-Amavis-Spam-Status: No, score=-5.199 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, GOOGLESEARCH=2, LDO_WHITELIST=-5, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no autolearn_force=no X-Policyd-Weight: using cached result; rate: -5.5 X-Gm-Message-State: AOJu0YxhsrjUxPqmJnuoJp2p10iM6WvsB7lfF2Q4kYwR7LSwwAD7RKHh pjcR/uZ+3C8diGNl8Nz6RYPOXyAAyV7gM6U0S59mkke2kOj8SbQGBEuZZYQT8J6Nf0e3YPs0aMz snIYSbECAnz4NyIcnWIzzYa0mhhnilrtgwbJw X-Gm-Gg: ASbGncswidnBAIIL1L4GH3LW5SDJ5wxfskBXdY2veZ1zVppfVMG14nylOLW/f6MlwwM iRuoZrMIIqtsOV7+MBmrGjO6yxydCknhejiPhQI3/gAdvoL4QkJl7cZEjvzZLkDLc3M0BpmP0F7 3C+o41NYfTmU9ZYwUOHbHA5rGFRyFYop33Ip2mUIUPtHKkPyTCvbY7gpKceN1GQPo81dVtYOxlh mwB9NAMHyVhvFHn3nwuue2KeEqQWiOwyhaSg09iWkKoLbXkwwB9T/BFgjVShfysG1XhF+QPwNK/ felp X-Google-SMTP-Source: AGHT+IEkDbXvLfbK8aO7Q7gsm8DU5xq0ioL6tJO1JeujcosBs6PBg8ySDGTQAJZGyG1WuOjrZ4oFq0eNo3gvU5WsR3U= X-Received: by 2002:a05:6512:8013:20b0:595:91dc:727c with SMTP id 2adb3069b0e04-59591dc7541mr1017806e87.35.1763394577640; Mon, 17 Nov 2025 07:49:37 -0800 (PST) MIME-Version: 1.0 Reply-To: noloader@gmail.com X-Gm-Features: AWmQ_blXzeiShRzn1qgdIvSedvcIbBT0BDXWR0zDGP3rtIcWNoXzOQdbafQ9NLA Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Mailing-List: archive/latest/29694 List-ID: List-URL: List-Archive: https://lists.debian.org/msgid-search/CAH8yC8nXaNU3Me0y9uRwRYEQ_anH7Gp6NLMhvWX0GHaLZbedWQ@mail.gmail.com Approved: robomod@news.nic.it Lines: 83 Organization: linux.* mail to news gateway Sender: robomod@news.nic.it X-Original-Cc: Debian-security X-Original-Date: Mon, 17 Nov 2025 10:49:00 -0500 X-Original-Message-ID: X-Original-References: <20251115103427.4fc727b3c8f9d3cb2e2fd642@paranoici.org> Xref: csiph.com linux.debian.security:6490 On Sat, Nov 15, 2025 at 8:10=E2=80=AFAM Francesco Poli wrote: > > Hello everyone! > > I had > > keyserver hkps://pgp.surf.nl > > in my ~/.gnupg/gpg.conf , but I have been experiencing issues with it > for the last few days, see the following excerpt from /var/log/syslog : > > dirmngr[3569]: error accessing 'https://pgp.surf.nl:443/pks/lookup?op= =3Dget&options=3Dmr&search=3D0x............': http status 503 > dirmngr[3569]: selecting a different host due to a 503 (Service Unavail= able) > dirmngr[3569]: error accessing 'https://pgp.surf.nl:443/pks/lookup?op= =3Dget&options=3Dmr&search=3D0x............': http status 503 > dirmngr[3569]: selecting a different host due to a 503 (Service Unavail= able) > dirmngr[3569]: error accessing 'https://pgp.surf.nl:443/pks/lookup?op= =3Dget&options=3Dmr&search=3D0x............': http status 503 > dirmngr[3569]: selecting a different host due to a 503 (Service Unavail= able) > dirmngr[3569]: error accessing 'https://pgp.surf.nl:443/pks/lookup?op= =3Dget&options=3Dmr&search=3D0x............': http status 503 > dirmngr[3569]: selecting a different host due to a 503 (Service Unavail= able) > dirmngr[3569]: error accessing 'https://pgp.surf.nl:443/pks/lookup?op= =3Dget&options=3Dmr&search=3D0x............': http status 503 > dirmngr[3569]: selecting a different host due to a 503 (Service Unavail= able) > dirmngr[3569]: error accessing 'https://pgp.surf.nl:443/pks/lookup?op= =3Dget&options=3Dmr&search=3D0x............': http status 503 > dirmngr[3569]: command 'KS_GET' failed: No data > > > I tried to change keyserver. > The Debian wiki key signing [page] suggests the following ones (beyond > the Debian keyring one): > > * https://keyserver.ubuntu.com (recommended) > * https://keys.openpgp.org/ (used by Thunderbird) > * https://pgp.surf.nl/ > * https://pgp.mit.edu > > [page]: > > Among these, I only managed to make the following one work: > > keyserver hkps://pgp.mit.edu Daniel Kahn Gillmor (dkg) recommends using a constrained keyserver like keys.openpgp.org if you want to check for certificate updates, revocation, expiration, or subkey rollover. If there's a problem with OpenPGS's keyserver, then it might be a good idea to contact them. Also note that newer OpenPGP servers can give older GnuPG clients problems. See . > But it seems to work unreliably, it worked for a couple of key > refreshes, but now it's giving me: > > dirmngr[4391]: host 'pgp.mit.edu' marked as dead > dirmngr[4391]: host 'pgp.mit.edu' marked as dead > dirmngr[4391]: host 'pgp.mit.edu' marked as dead > dirmngr[4391]: host 'pgp.mit.edu' marked as dead > dirmngr[4391]: host 'pgp.mit.edu' marked as dead > dirmngr[4391]: host 'pgp.mit.edu' marked as dead > dirmngr[4391]: host 'pgp.mit.edu' marked as dead > dirmngr[4391]: host 'pgp.mit.edu' marked as dead > dirmngr[4391]: command 'KS_GET' failed: No keyserver available > dirmngr[4391]: host 'pgp.mit.edu' marked as dead > dirmngr[4391]: command 'KS_GET' failed: No keyserver available > > Which keyserver do you currently use/recommend ? > > Thanks for any help you may provide! > > P.S.: please Cc me on replies, I am not subscribed to the list. Jeff