security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity
gnupg/doc
History
Daniel Kahn Gillmor 253024a536 Use hkps://keys.openpgp.org as the default keyserver 
As of 2.2.17, GnuPG will refuse to accept any third-party
certifications from OpenPGP certificates pulled from the keyserver
network.

The SKS keyserver network currently has at least a dozen popular
certificates which are flooded with enough unusable third-party
certifications that they cannot be retrieved in any reasonable amount
of time.

The hkps://keys.openpgp.org keyserver installation offers HKPS,
performs cryptographic validation, and by policy does not distribute
third-party certifications anyway.

It is not distributed or federated yet, unfortunately, but it is
functional, which is more than can be said for the dying SKS pool.
And given that GnuPG is going to reject all the third-party
certifications anyway, there is no clear "web of trust" rationale for
relying on the SKS pool.

One sticking point is that keys.openpgp.org does not distribute user
IDs unless the user has proven control of the associated e-mail
address.  This means that on standard upstream GnuPG, retrieving
revocations or subkey updates of those certificates will fail, because
upstream GnuPG ignores any incoming certificate without a user ID,
even if it knows a user ID in the local copy of the certificate (see
https://dev.gnupg.org/T4393).

However, we have three patches in
debian/patches/import-merge-without-userid/ that together fix that
bug.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Gbp-Pq: Name Use-hkps-keys.openpgp.org-as-the-default-keyserver.patch
2019-07-20 14:16:20 -04:00
..
examples doc: Remove unneccesary empty flags in vsndf.prf 2018-04-20 11:00:00 +02:00
a-decade-of-gnupg.txt doc: Typo fixes. 2014-12-14 12:15:21 +01:00
announce-2.0.txt sm/ 2006-11-14 10:23:21 +00:00
announce-2.1.txt doc: Revert the bug reporting address to bugs.gnupg.org 2017-07-24 10:43:27 +02:00
ChangeLog-2011 Generate the ChangeLog from commit logs. 2011-12-01 11:09:02 +01:00
com-certs.pem Remove all expired common CA certificates. 2014-11-04 21:47:03 +01:00
contrib.texi doc: Fix Martin Hellman's name. 2016-09-20 09:32:25 +09:00
DCO Add missing file. 2013-04-17 11:26:27 +02:00
debugging.texi g10,sm: Spell out --gen-key. 2016-12-13 17:30:55 +01:00
DETAILS gpg: Print revocation reason for "rvs" records. 2018-07-03 11:56:04 +02:00
dirmngr.texi Use hkps://keys.openpgp.org as the default keyserver 2019-07-20 14:16:20 -04:00
FAQ doc: Fix FAQ stub and remove faq build rules. 2015-03-04 15:10:52 +01:00
faq.org doc: Revert the bug reporting address to bugs.gnupg.org 2017-07-24 10:43:27 +02:00
fdl.texi Taken from NewPG 2003-01-09 13:24:01 +00:00
glossary.texi doc: Fix typos. 2016-09-20 09:56:22 +09:00
gnupg-badge-openpgp.eps * preset-passphrase.c (preset_passphrase): Handle --passphrase. 2004-12-21 19:05:15 +00:00
gnupg-badge-openpgp.jpg * preset-passphrase.c (preset_passphrase): Handle --passphrase. 2004-12-21 19:05:15 +00:00
gnupg-badge-openpgp.pdf Made make distcheck work again 2006-06-20 17:47:10 +00:00
gnupg-card-architecture.fig Changed to GPLv3. 2007-07-04 19:49:40 +00:00
gnupg-logo-tr.png Beautified the online html manual 2011-08-12 14:40:47 +02:00
gnupg-logo.eps Add new logo. 2007-03-08 18:31:56 +00:00
gnupg-logo.pdf doc: Add gnupg-logo.pdf 2014-07-03 11:03:22 +02:00
gnupg-logo.png doc: Improve the rendering of the manual 2014-06-25 11:15:45 +02:00
gnupg-module-overview.svg doc: Add a gnupg-module-overview picture. 2016-02-16 13:01:17 +01:00
gnupg.texi doc: Update description of displayed trust values. 2018-05-07 08:07:07 +02:00
gnupg7.texi Include dirmngr manual 2010-06-10 10:39:44 +00:00
gpg-agent.texi agent: Make the S2K calibration time runtime configurable. 2018-12-11 18:14:38 +01:00
gpg.texi gpg: With --auto-key-retrieve prefer WKD over keyservers. 2019-07-05 10:43:55 +02:00
gpgsm.texi gpgsm: default to 3072-bit keys. 2019-02-28 11:00:31 +01:00
gpgv.texi gpgv: Improve documentation for keyring choices 2019-03-07 07:55:51 +01:00
gpl.texi Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
HACKING doc: Fix Dijkstra 2017-12-08 07:40:06 +01:00
help.be.txt Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
help.ca.txt Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
help.cs.txt Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
help.da.txt Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
help.de.txt Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
help.el.txt Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
help.eo.txt Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
help.es.txt Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
help.et.txt Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
help.fi.txt Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
help.fr.txt Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
help.gl.txt Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
help.hu.txt Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
help.id.txt Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
help.it.txt Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
help.ja.txt Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
help.nb.txt Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
help.pl.txt Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
help.pt.txt Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
help.pt_BR.txt Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
help.ro.txt Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
help.ru.txt Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
help.sk.txt Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
help.sv.txt Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
help.tr.txt Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
help.txt Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
help.zh_CN.txt Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
help.zh_TW.txt Change all http://www.gnu.org in license notices to https:// 2016-11-05 12:02:19 +01:00
howto-create-a-server-cert.texi gpgsm: default to 3072-bit keys. 2019-02-28 11:00:31 +01:00
howtos.texi Add a howto section. 2007-05-08 13:59:41 +00:00
instguide.texi doc: Do not end section names with "." 2016-09-20 16:15:19 +09:00
KEYSERVER Migrated more stuff to doc/ 2006-08-21 20:20:23 +00:00
Makefile.am doc: Update description of displayed trust values. 2018-05-07 08:07:07 +02:00
mkdefsinc.c doc: Escape file names in generated macros. 2016-07-06 19:35:15 +02:00
mksamplekeys Adjust awk to not add trailing whitespace. 2012-11-30 12:43:34 -05:00
Notes Fix more spelling 2016-09-17 16:00:37 +09:00
OpenPGP gpg: Remove all support for v3 keys and always create v4-signatures. 2014-10-17 13:32:16 +02:00
opt-homedir.texi doc: Fix typos. 2016-09-20 09:56:22 +09:00
qualified.txt add new certifciates 2008-06-25 11:14:48 +00:00
samplekeys.asc Refresh sample keys 2012-11-30 12:47:49 -05:00
scdaemon.texi doc: Typo fixes 2018-06-06 17:26:20 +02:00
see-also-note.texi More man pages. Added include files for 2 common paragraphs. 2006-08-18 13:05:39 +00:00
specify-user-id.texi gpg: Implement searching keys via keygrip. 2019-01-29 20:19:22 +01:00
sysnotes.texi doc: Do not end section names with "." 2016-09-20 16:15:19 +09:00
texi.css Beautified the online html manual 2011-08-12 14:40:47 +02:00
tools.texi gpgconf: Support --homedir for --launch. 2019-05-15 08:53:20 +02:00
TRANSLATE Clean up word replication. 2017-02-21 13:11:46 -05:00
trust-values.texi doc: Update description of displayed trust values. 2018-05-07 08:07:07 +02:00
vuln-announce-2007-multiple-message.txt Clean up word replication. 2017-02-21 13:11:46 -05:00
vuln-announce-2010-kbx-realloc.txt Some work on the dirmngr 2010-07-23 16:16:14 +00:00
vuln-announce-cve-2006-6235.txt 2006-12-06 16:38:34 +00:00
whats-new-in-2.1.txt Release 2.2.0 2017-08-28 11:18:26 +02:00
wks.texi gpg: default to 3072-bit RSA keys. 2019-07-20 14:16:20 -04:00
yat2m.c doc: Update yat2m to take care of SOURCE_DATE_EPOCH. 2017-07-05 11:01:36 +02:00