diff --git a/g10/ChangeLog b/g10/ChangeLog
index 3db1b0ef1..0d8b1a803 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,20 @@
+2003-06-04  David Shaw  <dshaw@jabberwocky.com>
+
+	* options.skel: Use new hkp://subkeys.pgp.net as sample keyserver
+	since they at least handle subkeys correctly.
+
+	* options.h, g10.c (main), main.h, keylist.c (show_keyserver_url),
+	mainproc.c (check_sig_and_print), parse-packet.c (dump_sig_subpkt,
+	parse_one_sig_subpkt, can_handle_critical): Add read-only support
+	for preferred keyserver subpackets.  They're basically policy URLs
+	with a different name.  Add a verify-option
+	"show-preferred-keyserver" to turn them on and off (on by default,
+	as per stable branch).
+
+	* g10.c (main): Add "--set-notation" as alias to "--notation-data"
+	this is to make things consistent with --set-policy-url meaning
+	both sigs and certs.
+
 2003-06-03  David Shaw  <dshaw@jabberwocky.com>
 
 	* options.h, g10.c (main), keylist.c (list_keyblock_print): Add
diff --git a/g10/g10.c b/g10/g10.c
index 0f6f36ccd..b61431e12 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -71,7 +71,7 @@ enum cmd_and_opt_values { aNull = 0,
     oUser	  = 'u',
     oVerbose	  = 'v',
     oCompress	  = 'z',
-    oNotation	  = 'N',
+    oSetNotation  = 'N',
     oBatch	  = 500,
     oSigNotation,
     oCertNotation,
@@ -485,9 +485,10 @@ static ARGPARSE_OPTS opts[] = {
     { oShowPhotos,   "show-photos", 0, "@" },
     { oNoShowPhotos, "no-show-photos", 0, "@" },
     { oPhotoViewer,  "photo-viewer", 2, "@" },
-    { oNotation,   "notation-data", 2, "@" },
-    { oSigNotation,   "sig-notation", 2, "@" },
-    { oCertNotation,  "cert-notation", 2, "@" },
+    { oSetNotation,  "set-notation", 2, "@" },
+    { oSetNotation,  "notation-data", 2, "@" }, /* Alias */
+    { oSigNotation,  "sig-notation", 2, "@" },
+    { oCertNotation, "cert-notation", 2, "@" },
 
     { 302, NULL, 0, N_(
   "@\n(See the man page for a complete listing of all commands and options)\n"
@@ -1176,7 +1177,8 @@ main( int argc, char **argv )
     opt.keyserver_options.include_subkeys=1;
     opt.keyserver_options.include_revoked=1;
     opt.keyserver_options.try_dns_srv=1;
-    opt.verify_options=VERIFY_SHOW_POLICY|VERIFY_SHOW_NOTATION;
+    opt.verify_options=
+      VERIFY_SHOW_POLICY|VERIFY_SHOW_NOTATION|VERIFY_SHOW_KEYSERVER;
     opt.trust_model=TM_AUTO;
     opt.mangle_dos_filenames = 1;
 
@@ -1775,6 +1777,7 @@ main( int argc, char **argv )
 		  {"show-photos",VERIFY_SHOW_PHOTOS},
 		  {"show-policy-url",VERIFY_SHOW_POLICY},
 		  {"show-notation",VERIFY_SHOW_NOTATION},
+		  {"show-preferred-keyserver",VERIFY_SHOW_KEYSERVER},
 		  {NULL,0}
 		};
 
@@ -1795,7 +1798,7 @@ main( int argc, char **argv )
 	    else
 	      opt.exec_path_set=1;
 	    break;
-	  case oNotation:
+	  case oSetNotation:
 	    add_notation_data( pargs.r.ret_str, 0 );
 	    add_notation_data( pargs.r.ret_str, 1 );
 	    break;
diff --git a/g10/keylist.c b/g10/keylist.c
index 616cea8c9..680ff2f59 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -162,6 +162,47 @@ show_policy_url(PKT_signature *sig,int indent,int mode)
   mode=2 for status messages only
 */
 
+void
+show_keyserver_url(PKT_signature *sig,int indent,int mode)
+{
+  const byte *p;
+  size_t len;
+  int seq=0,crit;
+  FILE *fp=mode?log_stream():stdout;
+
+  while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&len,&seq,&crit)))
+    {
+      if(mode!=2)
+	{
+	  int i;
+	  char *str;
+
+	  for(i=0;i<indent;i++)
+	    putchar(' ');
+
+	  /* This isn't UTF8 as it is a URL(?) */
+	  if(crit)
+	    str=_("Critical preferred keyserver: ");
+	  else
+	    str=_("Preferred keyserver: ");
+	  if(mode)
+	    log_info("%s",str);
+	  else
+	    printf("%s",str);
+	  print_string(fp,p,len,0);
+	  fprintf(fp,"\n");
+	}
+
+      /* TODO: put in a status-fd tag for preferred keyservers */
+    }
+}
+
+/*
+  mode=0 for stdout.
+  mode=1 for log_info + status messages
+  mode=2 for status messages only
+*/
+
 void
 show_notation(PKT_signature *sig,int indent,int mode)
 {
diff --git a/g10/main.h b/g10/main.h
index a7526c8bc..8657bba60 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -209,6 +209,7 @@ void reorder_keyblock (KBNODE keyblock);
 void list_keyblock( KBNODE keyblock, int secret, int fpr, void *opaque );
 void print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode);
 void show_policy_url(PKT_signature *sig,int indent,int mode);
+void show_keyserver_url(PKT_signature *sig,int indent,int mode);
 void show_notation(PKT_signature *sig,int indent,int mode);
 void dump_attribs(const PKT_user_id *uid,
 		  PKT_public_key *pk,PKT_secret_key *sk);
diff --git a/g10/mainproc.c b/g10/mainproc.c
index ec812d757..9b091b222 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -1411,6 +1411,11 @@ check_sig_and_print( CTX c, KBNODE node )
 	      show_notation(sig,0,1);
 	    else
 	      show_notation(sig,0,2);
+
+	    if(opt.verify_options&VERIFY_SHOW_KEYSERVER)
+	      show_keyserver_url(sig,0,1);
+	    else
+	      show_keyserver_url(sig,0,2);
 	  }
 
 	if( !rc && is_status_enabled() ) {
diff --git a/g10/options.h b/g10/options.h
index 1a70277dc..7413ffb7e 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -234,8 +234,9 @@ struct {
 #define LIST_SHOW_VALIDITY   16
 #define LIST_SHOW_LONG_KEYID 32
 
-#define VERIFY_SHOW_PHOTOS   1
-#define VERIFY_SHOW_POLICY   2
-#define VERIFY_SHOW_NOTATION 4
+#define VERIFY_SHOW_PHOTOS    1
+#define VERIFY_SHOW_POLICY    2
+#define VERIFY_SHOW_NOTATION  4
+#define VERIFY_SHOW_KEYSERVER 8
 
 #endif /*G10_OPTIONS_H*/
diff --git a/g10/options.skel b/g10/options.skel
index e50f66ffe..5c8afced2 100644
--- a/g10/options.skel
+++ b/g10/options.skel
@@ -90,10 +90,10 @@
 # support).
 #
 # Example HKP keyserver:
-#      x-hkp://pgp.mit.edu
+#      x-hkp://subkeys.pgp.net
 #
 # Example email keyserver:
-#      mailto:pgp-public-keys@keys.nl.pgp.net
+#      mailto:pgp-public-keys@keys.pgp.net
 #
 # Example LDAP keyservers:
 #      ldap://pgp.surfnet.nl:11370
@@ -112,7 +112,7 @@
 # Most servers do synchronize with each other and DNS round-robin may
 # give you a quasi-random server each time.
 
-#keyserver x-hkp://pgp.mit.edu
+#keyserver x-hkp://subkeys.pgp.net
 #keyserver mailto:pgp-public-keys@keys.nl.pgp.net
 #keyserver ldap://pgp.surfnet.nl:11370
 #keyserver ldap://keyserver.pgp.com
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index a881840b2..dddff86a2 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -861,7 +861,8 @@ dump_sig_subpkt( int hashed, int type, int critical,
 	  printf(" %02X", buffer[i]);
 	break;
       case SIGSUBPKT_PREF_KS:
-	p = "preferred key server";
+	fputs("preferred key server: ", stdout );
+	print_string( stdout, buffer, length, ')' );
 	break;
       case SIGSUBPKT_PRIMARY_UID:
 	p = "primary user ID";
@@ -937,6 +938,7 @@ parse_one_sig_subpkt( const byte *buffer, size_t n, int type )
       case SIGSUBPKT_PREF_HASH:
       case SIGSUBPKT_PREF_COMPR:
       case SIGSUBPKT_POLICY:
+      case SIGSUBPKT_PREF_KS:
       case SIGSUBPKT_FEATURES:
       case SIGSUBPKT_REGEXP:
 	return 0;
@@ -993,9 +995,11 @@ can_handle_critical( const byte *buffer, size_t n, int type )
       case SIGSUBPKT_KEY_FLAGS:
       case SIGSUBPKT_PRIMARY_UID:
       case SIGSUBPKT_FEATURES:
-      case SIGSUBPKT_POLICY: /* Is it enough to show the policy? */
       case SIGSUBPKT_TRUST:
       case SIGSUBPKT_REGEXP:
+	/* Is it enough to show the policy or keyserver? */
+      case SIGSUBPKT_POLICY:
+      case SIGSUBPKT_PREF_KS:
 	return 1;
 
       default: