Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider implementing explicit API support for keys.openpgp.org #294

Open
theseer opened this issue Nov 20, 2020 · 8 comments
Open

Consider implementing explicit API support for keys.openpgp.org #294

theseer opened this issue Nov 20, 2020 · 8 comments

Comments

@theseer
Copy link
Member

theseer commented Nov 20, 2020

Currently we use the "compat api" that mimiks the API provided by sks-keyservers.

/cc @jaapio
@theseer
Copy link
Member Author

theseer commented Jun 14, 2021

Given that sks-keyservers flagged themselves as legacy and are about to die out, we probably should just remove their support and focus on explicitly supporting the newer API.

@szepeviktor
Copy link
Contributor

szepeviktor commented Jul 6, 2021
edited
Loading

sks-keyservers.net pool DNS records disabled effective immediately

https://www.reddit.com/r/crypto/comments/o7oh4w/skskeyserversnet_pool_dns_records_disabled/

$ host ha.pool.sks-keyservers.net
Host ha.pool.sks-keyservers.net not found: 3(NXDOMAIN)

@szepeviktor
Copy link
Contributor

szepeviktor commented Jul 6, 2021
edited
Loading

@theseer Please remove SKS from source and docs.

Temporarily we could use keys.openpgp.org

@theseer
Copy link
Member Author

theseer commented Jul 6, 2021

You lost me: What does sks-keyservers have to do with the API provided by keys.openpgp.org?

Temporarily we could use keys.openpgp.org

What do you mean and why "temporarily"?

@szepeviktor
Copy link
Contributor

keys.openpgp.org is an alternative to SKS servers. My PHIVE GitHub Action just stopped working - that is why I've commented here.

@theseer
Copy link
Member Author

theseer commented Jul 6, 2021

@theseer Please remove SKS from source and docs.

Given the DNS does no longer resolve, this is basically a no-op. On top: SKS-Keyserver already are the last resort entry (see: https://github.com/phar-io/phive/blob/master/conf/pgp-keyservers.php) and basically shouldn't be reached in 99,9% of all cases.

We indeed should remove sks references from the phar.io website.

@szepeviktor
Copy link
Contributor

SKS-Keyserver already are the last resort entry

I see! :)

@theseer
Copy link
Member Author

theseer commented Jul 6, 2021

keys.openpgp.org is an alternative to SKS servers. My PHIVE GitHub Action just stopped working - that is why I've commented here.

I know what keys.openpgp.org is. Phive uses it as the default server - read: first server -, with a fallback to the keyserver run by canonical for ubuntu in case the key is not found there.

And it's a lot more than just an alternative, also providing a different API. Hence, this ticket.
The fact sks keyservers got shut down is not in any way related to this issue.

Using keys.openpgp.org is NOT a temporary option. The key handling is different and not all keys that are (or by now were) listed in sks' servers are available on openpgp.org yet.

Again, nothing to do with this issue at all: This is about implementing explicit support for the keys.openpgp.org provided API.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@theseer @szepeviktor